diff options
Diffstat (limited to 'debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch')
-rw-r--r-- | debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch b/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch deleted file mode 100644 index 06220d2f2f8e..000000000000 --- a/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Theodore Ts'o <tytso@mit.edu> -Date: Thu, 14 Jun 2018 12:55:10 -0400 -Subject: ext4: verify the depth of extent tree in ext4_find_extent() -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=0a8173832987f52ab6926dbdf1cd3991ca615000 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10877 - -If there is a corupted file system where the claimed depth of the -extent tree is -1, this can cause a massive buffer overrun leading to -sadness. - -This addresses CVE-2018-10877. - -https://bugzilla.kernel.org/show_bug.cgi?id=199417 - -Signed-off-by: Theodore Ts'o <tytso@mit.edu> ---- - fs/ext4/ext4_extents.h | 1 + - fs/ext4/extents.c | 6 ++++++ - 2 files changed, 7 insertions(+) - ---- a/fs/ext4/ext4_extents.h -+++ b/fs/ext4/ext4_extents.h -@@ -91,6 +91,7 @@ struct ext4_extent_header { - }; - - #define EXT4_EXT_MAGIC cpu_to_le16(0xf30a) -+#define EXT4_MAX_EXTENT_DEPTH 5 - - #define EXT4_EXTENT_TAIL_OFFSET(hdr) \ - (sizeof(struct ext4_extent_header) + \ ---- a/fs/ext4/extents.c -+++ b/fs/ext4/extents.c -@@ -869,6 +869,12 @@ ext4_find_extent(struct inode *inode, ex - - eh = ext_inode_hdr(inode); - depth = ext_depth(inode); -+ if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) { -+ EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d", -+ depth); -+ ret = -EFSCORRUPTED; -+ goto err; -+ } - - if (path) { - ext4_ext_drop_refs(path); |