From 878269dbe74229005dd7f27aca66c554e31dad8e Mon Sep 17 00:00:00 2001 From: Paul Emge Date: Mon, 8 Jul 2019 16:37:05 -0700 Subject: CVE-2019-13104: ext4: check for underflow in ext4fs_read_file in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: Paul Emge --- fs/ext4/ext4fs.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'fs/ext4/ext4fs.c') diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c index 85dc122f300..e2b740cac40 100644 --- a/fs/ext4/ext4fs.c +++ b/fs/ext4/ext4fs.c @@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, ext_cache_init(&cache); - if (blocksize <= 0) - return -1; - /* Adjust len so it we can't read past the end of the file. */ if (len + pos > filesize) len = (filesize - pos); + if (blocksize <= 0 || len <= 0) { + ext_cache_fini(&cache); + return -1; + } + blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize); for (i = lldiv(pos, blocksize); i < blockcnt; i++) { -- cgit v1.2.3