diff options
| author | Neel Chauhan <nc@FreeBSD.org> | 2021-11-16 22:59:26 +0000 |
|---|---|---|
| committer | Neel Chauhan <nc@FreeBSD.org> | 2021-12-04 22:34:20 +0000 |
| commit | c0e1884b11c0f86cd7bec28b03b9d6a3a4a45c3b (patch) | |
| tree | 19aa79c3a55f1f5f16ff8f15d88072ec4b60d1eb | |
| parent | 6ef62def60969d7f8268674ee5946f8d8583d094 (diff) | |
| download | src-c0e1884b11c0f86cd7bec28b03b9d6a3a4a45c3b.tar.gz src-c0e1884b11c0f86cd7bec28b03b9d6a3a4a45c3b.zip | |
ext2: Check for e2fs_first_dblock in ext2_compute_sb_data()
This prevents a kernel panic on a damaged ext2 superblock.
PR: 259107
Reported by: Robert Morris <rtm@lcs.mit.edu>
Differential Revision: https://reviews.freebsd.org/D33029
(cherry picked from commit 3dd3a395ba975d0fbe13320e6e69fb85b037da5e)
| -rw-r--r-- | sys/fs/ext2fs/ext2_vfsops.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/fs/ext2fs/ext2_vfsops.c b/sys/fs/ext2fs/ext2_vfsops.c index 5bc2e975d310..74a7a08128b4 100644 --- a/sys/fs/ext2fs/ext2_vfsops.c +++ b/sys/fs/ext2fs/ext2_vfsops.c @@ -465,6 +465,13 @@ ext2_compute_sb_data(struct vnode *devvp, struct ext2fs *es, int g_count = 0; int error; + /* Check if first dblock is valid */ + if (fs->e2fs->e2fs_bcount >= 1024 && fs->e2fs->e2fs_first_dblock) { + SDT_PROBE1(ext2fs, , vfsops, ext2_compute_sb_data_error, + "first dblock is invalid"); + return (EINVAL); + } + /* Check checksum features */ if (EXT2_HAS_RO_COMPAT_FEATURE(fs, EXT2F_ROCOMPAT_GDT_CSUM) && EXT2_HAS_RO_COMPAT_FEATURE(fs, EXT2F_ROCOMPAT_METADATA_CKSUM)) { @@ -611,7 +618,8 @@ ext2_compute_sb_data(struct vnode *devvp, struct ext2fs *es, return (EINVAL); } - if (le32toh(es->e2fs_first_dblock) >= fs->e2fs_bcount) { + if (le32toh(es->e2fs_first_dblock) != (fs->e2fs_bsize > 1024 ? 0 : 1) || + le32toh(es->e2fs_first_dblock) >= fs->e2fs_bcount) { SDT_PROBE1(ext2fs, , vfsops, ext2_compute_sb_data_error, "first data block out of range"); return (EINVAL); |