File 0011-CVE-2019-13104-ext4-check-for-under.patch of Package u-boot-qemu-riscv64

Overview Repositories Revisions Requests Users Attributes Meta

File 0011-CVE-2019-13104-ext4-check-for-under.patch of Package u-boot-qemu-riscv64 (Revision fd1a80d1c732d4e032bf2ac739d0e2dc)

Currently displaying revision fd1a80d1c732d4e032bf2ac739d0e2dc , Show latest

From 4c97c0c06a31b7e15d4acbe9986968e8dbf47d14 Mon Sep 17 00:00:00 2001
From: Paul Emge <paulemge@forallsecure.com>
Date: Mon, 8 Jul 2019 16:37:05 -0700
Subject: [PATCH] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file

in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.

This fixes bsc#1144675.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
(cherry picked from commit 878269dbe74229005dd7f27aca66c554e31dad8e)
[mb: delete ext_cache_fini() call as we don't implent caches for ext4]
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
---
 fs/ext4/ext4fs.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index 54f65e7e11..0b4dc3157c 100644
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -64,13 +64,13 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 	char *start_buf = buf;
 	short status;
 
-	if (blocksize <= 0)
-		return -1;
-
 	/* Adjust len so it we can't read past the end of the file. */
 	if (len + pos > filesize)
 		len = (filesize - pos);
 
+	if (blocksize <= 0 || len <= 0)
+		return -1;
+
 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
 
 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {

Places

File 0011-CVE-2019-13104-ext4-check-for-under.patch of Package u-boot-qemu-riscv64 (Revision fd1a80d1c732d4e032bf2ac739d0e2dc)

Places