From: Jan Kara <jack@suse.cz>
To: "cgxu519@zoho.com.cn" <cgxu519@zoho.com.cn>
Cc: Jan Kara <jack@suse.cz>, jack@suse.com, linux-ext4@vger.kernel.org
Subject: Re: [PATCH] ext2: strengthen value length check in ext2_xattr_set()
Date: Fri, 24 May 2019 10:33:00 +0200 [thread overview]
Message-ID: <20190524083300.GC28972@quack2.suse.cz> (raw)
In-Reply-To: <02e827aededb5b925ec74d1e38d6dfd71f165203.camel@zoho.com.cn>
On Fri 24-05-19 14:11:34, cgxu519@zoho.com.cn wrote:
> On Wed, 2019-05-22 at 11:50 +0200, Jan Kara wrote:
> > On Wed 22-05-19 16:28:46, Chengguang Xu wrote:
> > > Actually maximum length of a valid entry value is not
> > > ->s_blocksize because header, last entry and entry
> > > name will also occupy some spaces. This patch
> > > strengthens the value length check and return -ERANGE
> > > when the length is larger than allowed maximum length.
> > >
> > > Signed-off-by: Chengguang Xu <cgxu519@zoho.com.cn>
> >
> > Thanks for the patch! But what's the point of this change? We would return
> > ERANGE instead of ENOSPC? I don't think that's serious enough to warrant
> > changing existing behavior...
>
> Hi Jan,
>
> Instead of adding the check here, I propose to change value
> size limit check in ext2_xattr_entry_valid().
>
> size = le32_to_cpu(entry->e_value_size);
> if (size > end_offs ||
> le16_to_cpu(entry->e_value_offs) + size > end_offs)
>
> Change to
>
> size = EXT2_XATTR_SIZE(le32_to_cpu(entry->e_value_size));
> if (size >= end_offs - sizeof(struct ext2_xattr_header) - sizeof(__u32) ||
> le16_to_cpu(entry->e_value_offs) + size > end_offs)
I don't think this makes a big difference. Look: end_offs is always aligned to
EXT2_XATTR_PAD (it is always block size) so if entry->e_value_offs is
properly aligned (which we may want to check), then
le16_to_cpu(entry->e_value_offs) + EXT2_XATTR_SIZE(size) > end_offs if and
only if le16_to_cpu(entry->e_value_offs) + size > end_offs.
Also the check le16_to_cpu(entry->e_value_offs) + size > end_offs is the
essential and strongest part - it checks whether the value does not extend
beyond block. The check size > end_offs is needed only for the case where
le16_to_cpu(entry->e_value_offs) + size would overflow and result in a
negative number.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
prev parent reply other threads:[~2019-05-24 8:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-22 8:28 [PATCH] ext2: strengthen value length check in ext2_xattr_set() Chengguang Xu
2019-05-22 9:50 ` Jan Kara
2019-05-22 11:13 ` cgxu519
2019-05-24 6:11 ` cgxu519
2019-05-24 8:33 ` Jan Kara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190524083300.GC28972@quack2.suse.cz \
--to=jack@suse.cz \
--cc=cgxu519@zoho.com.cn \
--cc=jack@suse.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.