path: root/net/lapb/lapb_subr.c
author Theodore Ts'o <tytso@mit.edu> 2018-06-14 12:55:10 -0400
committer Andrew Lehmer <alehmer@google.com> 2018-10-31 19:46:39 +0000
commit 8a5902ee807b8d894428c9eb5e4303f39fd0f676 (patch)
tree 9245a473755d4bcd4eeb243cc9ae4f3c3c75eddd /net/lapb/lapb_subr.c
parent d8dbc90ca836ef5c46e701cb37e519c6c980787c (diff)

ext4: verify the depth of extent tree in ext4_find_extent()

commit bc890a60247171294acc0bd67d211fa4b88d40ba upstream.

If there is a corrupted file system where the claimed depth of the
extent tree is -1, this can cause a massive buffer overrun leading to
sadness.

This addresses CVE-2018-10877.

https://bugzilla.kernel.org/show_bug.cgi?id=199417

Bug: 116406625
Change-Id: I899794d207d73c5f160e53d8f41bd37de6e69976
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
[bwh: Backported to 3.16: return -EIO instead of -EFSCORRUPTED]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/lapb/lapb_subr.c')
0 files changed, 0 insertions, 0 deletions