diff options
author | Theodore Ts'o <tytso@mit.edu> | 2022-08-12 15:48:04 -0400 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2022-08-12 15:48:04 -0400 |
commit | 64d576a89959bfdcf5415be2c36c06549562cbb2 (patch) | |
tree | 043e3e05029522a58788effd8fc9ecc18eec33ab | |
parent | 164201425ec292ac25b93b61694fe6843cac74fd (diff) | |
download | e2fsprogs-64d576a89959bfdcf5415be2c36c06549562cbb2.tar.gz |
e2fsck: validate i_extra_size in ext4_fc_handle_inode
Addresses-Coverity-Bug: 1500765
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-rw-r--r-- | e2fsck/journal.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/e2fsck/journal.c b/e2fsck/journal.c index 571de83e9..1646b479b 100644 --- a/e2fsck/journal.c +++ b/e2fsck/journal.c @@ -747,9 +747,19 @@ static int ext4_fc_handle_inode(e2fsck_t ctx, __u8 *val) fc_raw_inode = val + sizeof(fc_ino); ino = le32_to_cpu(fc_ino); - if (EXT2_INODE_SIZE(ctx->fs->super) > EXT2_GOOD_OLD_INODE_SIZE) - inode_len += ext2fs_le16_to_cpu( + if (EXT2_INODE_SIZE(ctx->fs->super) > EXT2_GOOD_OLD_INODE_SIZE) { + __u16 extra_isize = ext2fs_le16_to_cpu( ((struct ext2_inode_large *)fc_raw_inode)->i_extra_isize); + + if ((extra_isize < (sizeof(inode->i_extra_isize) + + sizeof(inode->i_checksum_hi))) || + (extra_isize > (EXT2_INODE_SIZE(ctx->fs->super) - + EXT2_GOOD_OLD_INODE_SIZE))) { + err = EFSCORRUPTED; + goto out; + } + inode_len += extra_isize; + } err = ext2fs_get_mem(inode_len, &inode); if (err) goto out; |