From: Eric Biggers <ebiggers@google.com>
To: Andreas Dilger <adilger@dilger.ca>
Cc: linux-ext4@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>
Subject: Re: [PATCH 3/3] ext4: correctly detect when an xattr value has an invalid size
Date: Mon, 28 Nov 2016 15:50:35 -0800 [thread overview]
Message-ID: <20161128235035.GC145516@google.com> (raw)
In-Reply-To: <ED9B2B5D-25DD-4D4A-9F1C-86656B154AA8@dilger.ca>
On Mon, Nov 28, 2016 at 12:50:02PM -0700, Andreas Dilger wrote:
> On Nov 26, 2016, at 11:39 PM, Eric Biggers <ebiggers@google.com> wrote:
> >
> > It was possible for an xattr value to have a very large size, which
> > would then pass validation on 32-bit architectures due to a pointer
> > wraparound. Fix this by validating the size in a way which avoids
> > pointer wraparound.
>
> It isn't actually possible for a valid xattr value to be very large.
> At most 65536 bytes even with large blocks, so it might be easier to
> directly check that e_value_size is not too large rather than trying
> to deal with values of 0xfffffffe bytes or similar?
>
I suppose we could do something like
EXT4_XATTR_SIZE(size) > end - value || size > EXT4_MAX_BLOCK_SIZE
instead of
size > end - value || EXT4_XATTR_SIZE(size) > end - value
But I don't think it's really any better.
Eric
next prev parent reply other threads:[~2016-11-28 23:50 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-27 6:39 [PATCH 1/3] ext4: forbid i_extra_isize not divisible by 4 Eric Biggers
2016-11-27 6:39 ` [PATCH 2/3] ext4: don't read out of bounds when checking for in-inode xattrs Eric Biggers
2016-11-28 19:43 ` Andreas Dilger
2016-12-01 19:52 ` Theodore Ts'o
2016-11-27 6:39 ` [PATCH 3/3] ext4: correctly detect when an xattr value has an invalid size Eric Biggers
2016-11-28 19:50 ` Andreas Dilger
2016-11-28 23:50 ` Eric Biggers [this message]
2016-12-01 20:00 ` Theodore Ts'o
2016-11-28 19:30 ` [PATCH 1/3] ext4: forbid i_extra_isize not divisible by 4 Andreas Dilger
2016-12-01 19:49 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161128235035.GC145516@google.com \
--to=ebiggers@google.com \
--cc=adilger.kernel@dilger.ca \
--cc=adilger@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.