Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
u-boot-rock960-rk3399
0011-CVE-2019-13104-ext4-check-for-under.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0011-CVE-2019-13104-ext4-check-for-under.patch of Package u-boot-rock960-rk3399
From 4c97c0c06a31b7e15d4acbe9986968e8dbf47d14 Mon Sep 17 00:00:00 2001 From: Paul Emge <paulemge@forallsecure.com> Date: Mon, 8 Jul 2019 16:37:05 -0700 Subject: [PATCH] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. This fixes bsc#1144675. Signed-off-by: Paul Emge <paulemge@forallsecure.com> (cherry picked from commit 878269dbe74229005dd7f27aca66c554e31dad8e) [mb: delete ext_cache_fini() call as we don't implent caches for ext4] Signed-off-by: Matthias Brugger <mbrugger@suse.com> --- fs/ext4/ext4fs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c index 54f65e7e11..0b4dc3157c 100644 --- a/fs/ext4/ext4fs.c +++ b/fs/ext4/ext4fs.c @@ -64,13 +64,13 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, char *start_buf = buf; short status; - if (blocksize <= 0) - return -1; - /* Adjust len so it we can't read past the end of the file. */ if (len + pos > filesize) len = (filesize - pos); + if (blocksize <= 0 || len <= 0) + return -1; + blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize); for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor