lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Oct 2021 16:06:48 +0200
From:   Jan Kara <jack@...e.cz>
To:     Gabriel Krisman Bertazi <krisman@...labora.com>
Cc:     jack@...e.com, amir73il@...il.com, djwong@...nel.org,
        tytso@....edu, david@...morbit.com, dhowells@...hat.com,
        khazhy@...gle.com, linux-fsdevel@...r.kernel.org,
        linux-ext4@...r.kernel.org, linux-api@...r.kernel.org,
        kernel@...labora.com
Subject: Re: [PATCH v8 26/32] fanotify: WARN_ON against too large file handles

On Mon 18-10-21 21:00:09, Gabriel Krisman Bertazi wrote:
> struct fanotify_error_event, at least, is preallocated and isn't able to
> to handle arbitrarily large file handles.  Future-proof the code by
> complaining loudly if a handle larger than MAX_HANDLE_SZ is ever found.
> 
> Signed-off-by: Gabriel Krisman Bertazi <krisman@...labora.com>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@...e.cz>

								Honza

> ---
>  fs/notify/fanotify/fanotify.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
> index cedcb1546804..45df610debbe 100644
> --- a/fs/notify/fanotify/fanotify.c
> +++ b/fs/notify/fanotify/fanotify.c
> @@ -360,13 +360,23 @@ static u32 fanotify_group_event_mask(struct fsnotify_group *group,
>  static int fanotify_encode_fh_len(struct inode *inode)
>  {
>  	int dwords = 0;
> +	int fh_len;
>  
>  	if (!inode)
>  		return 0;
>  
>  	exportfs_encode_inode_fh(inode, NULL, &dwords, NULL);
> +	fh_len = dwords << 2;
>  
> -	return dwords << 2;
> +	/*
> +	 * struct fanotify_error_event might be preallocated and is
> +	 * limited to MAX_HANDLE_SZ.  This should never happen, but
> +	 * safeguard by forcing an invalid file handle.
> +	 */
> +	if (WARN_ON_ONCE(fh_len > MAX_HANDLE_SZ))
> +		return 0;
> +
> +	return fh_len;
>  }
>  
>  /*
> -- 
> 2.33.0
> 
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ