UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

fibmap: Reject negative block numbers 

FIBMAP receives an integer from userspace which is then implicitly converted
into sector_t to be passed to bmap(). No check is made to ensure userspace
didn't send a negative block number, which can end up in an underflow, and
returning to userspace a corrupted block address.

As a side-effect, the underflow caused by a negative block here, will
trigger the WARN() in iomap_bmap_actor(), which is how this issue was
first discovered.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Carlos Maiolino 2020-01-09 14:30:45 +01:00 committed by Al Viro
parent 0d89fdae2a
commit 324282c025
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fs/ioctl.c
View File

@ -65,6 +65,9 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
if (error)
return error;
if (ur_block < 0)
return -EINVAL;
block = ur_block;
error = bmap(inode, &block);