diff options
Diffstat (limited to 'debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch')
-rw-r--r-- | debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch b/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch deleted file mode 100644 index 2522bcb4c422..000000000000 --- a/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Theodore Ts'o <tytso@mit.edu> -Date: Wed, 13 Jun 2018 00:51:28 -0400 -Subject: ext4: always verify the magic number in xattr blocks -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3345c50533c6a17ebc0284362ca7b69aaef37ac4 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879 - -If there an inode points to a block which is also some other type of -metadata block (such as a block allocation bitmap), the -buffer_verified flag can be set when it was validated as that other -metadata block type; however, it would make a really terrible external -attribute block. The reason why we use the verified flag is to avoid -constantly reverifying the block. However, it doesn't take much -overhead to make sure the magic number of the xattr block is correct, -and this will avoid potential crashes. - -This addresses CVE-2018-10879. - -https://bugzilla.kernel.org/show_bug.cgi?id=200001 - -Signed-off-by: Theodore Ts'o <tytso@mit.edu> -Reviewed-by: Andreas Dilger <adilger@dilger.ca> ---- - fs/ext4/xattr.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c -index 230ba79715f6..0263692979ec 100644 ---- a/fs/ext4/xattr.c -+++ b/fs/ext4/xattr.c -@@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh, - { - int error = -EFSCORRUPTED; - -- if (buffer_verified(bh)) -- return 0; -- - if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) || - BHDR(bh)->h_blocks != cpu_to_le32(1)) - goto errout; -+ if (buffer_verified(bh)) -+ return 0; -+ - error = -EFSBADCRC; - if (!ext4_xattr_block_csum_verify(inode, bh)) - goto errout; |