| Message ID | 20230517161227.141529-3-cengiz.can@canonical.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <kernel-team-bounces@lists.ubuntu.com> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=lhkxue6n; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLynd0dD6z20dX for <incoming@patchwork.ozlabs.org>; Thu, 18 May 2023 02:13:09 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from <kernel-team-bounces@lists.ubuntu.com>) id 1pzJlu-0006S4-De; Wed, 17 May 2023 16:13:02 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from <cengiz.can@canonical.com>) id 1pzJls-0006Qv-UC for kernel-team@lists.ubuntu.com; Wed, 17 May 2023 16:13:00 +0000 Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 8600C3F1A6 for <kernel-team@lists.ubuntu.com>; Wed, 17 May 2023 16:13:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1684339980; bh=mct0iOlD5ZlcmkZHjPR1Kz+kEhbAGwXxTxUtlXlPTGY=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lhkxue6n2W7Os7LmA7oQPljHEFe241XG9fp966rxNtaspnpU7ma9/1qxJVDcYCh85 MbXo4FY64JFOvEoxorAmKPCRJaGp8q0PTosQTyq1pRUFGgIG1flF7SvN+v7ToYz69c +NwRvIo3v38mILy+us2sf68Czj4zpquB20GN7+fRyOPzlKgsifB6f+xFeTpAVjPFv0 W6P8WpzNK2VOVUbGPnfnuAggNKXmUceDY+KAxMHPEyrPG3JqTXpMBmxyC0DauBlxFd b6XppKKdX8ByZjmAtzXUsII7FW7SAizlUdTaELJjpLFZnhTTJrKhajGQZF01AaHXYw 5b4mcyQwxfbxQ== Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-510d1971474so825565a12.0 for <kernel-team@lists.ubuntu.com>; Wed, 17 May 2023 09:13:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684339980; x=1686931980; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mct0iOlD5ZlcmkZHjPR1Kz+kEhbAGwXxTxUtlXlPTGY=; b=Klqq32qMFHq0qVcNNeM2q3VHGJXUi+WqzwEcLZq7A27390wYJ4kul9XQ3CTP4bMwco gOUYbLG++he88dulFbP9Xcurc6cRJhwuKKh6eXh0rnF96bdpd4viz5FxVT/I0ZCebbZK i7JDkMNTv7A3LWPwOWreJZ5SlzF3HIzfIwX5COdZ/aXZxUv6dotm6YO3njMwYXI4Qakm 8QxSvpe10H9zaqZ1UW0Nnjag4y1yV6xdWWDsk4PWIm0FtmKvg/IYCLm4ZZv/DGUA89zk p5gZ41HfaQgh7ExBaW+dCInP+jaGls5waksoT2uy9OTT3nf2RzQnk5ostdkGnXVPka7M tDEw== X-Gm-Message-State: AC+VfDzmGzugLpZ47dSNk7rP07FRH+NPJjftpSmC4gsPy2xc52eRtKBn VyKf8dZ7P0gGwxwdylez40+okD9Lrw1lI+y5d+c+Oi1onM/hwveBV/vtjWolO3C6PR28iWsCeWE iQeXBQwje9mI0hbftltZtapK5f7sEOiJbEw+zPep7YaJF4XZDf37enps= X-Received: by 2002:aa7:df12:0:b0:504:b30a:2298 with SMTP id c18-20020aa7df12000000b00504b30a2298mr2207378edy.42.1684339979982; Wed, 17 May 2023 09:12:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5QdAMZRQ+mH+JihxxiTPUnFOHHl4b5QSo7Tcwj6vb4+CjCmpdoWc2VJ1xDuEJWdppWzfJLDQ== X-Received: by 2002:aa7:df12:0:b0:504:b30a:2298 with SMTP id c18-20020aa7df12000000b00504b30a2298mr2207369edy.42.1684339979745; Wed, 17 May 2023 09:12:59 -0700 (PDT) Received: from localhost ([82.222.124.85]) by smtp.gmail.com with ESMTPSA id g8-20020aa7d1c8000000b00501d73cfc86sm9501539edp.9.2023.05.17.09.12.59 for <kernel-team@lists.ubuntu.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 May 2023 09:12:59 -0700 (PDT) From: Cengiz Can <cengiz.can@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU Focal, Bionic PATCH 2/2] ext4: fix check for block being out of directory size Date: Wed, 17 May 2023 19:12:30 +0300 Message-Id: <20230517161227.141529-3-cengiz.can@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230517161227.141529-1-cengiz.can@canonical.com> References: <20230517161227.141529-1-cengiz.can@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com> List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe> List-Archive: <https://lists.ubuntu.com/archives/kernel-team> List-Post: <mailto:kernel-team@lists.ubuntu.com> List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help> List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com> |
| Series |
CVE-2022-1184
|
expand
|
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index f8faf6d742cd..9c49764fb9ef 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -123,7 +123,7 @@ static struct buffer_head *__ext4_read_dirblock(struct inode *inode, struct ext4_dir_entry *dirent; int is_dx_block = 0; - if (block >= inode->i_size) { + if (block >= inode->i_size >> inode->i_blkbits) { ext4_error_inode(inode, func, line, block, "Attempting to read directory block (%u) that is past i_size (%llu)", block, inode->i_size);