CVE-2019-13104: ext4: check for underflow in ext4fs_read_file

in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
This commit is contained in:
Paul Emge 2019-07-08 16:37:05 -07:00 committed by Tom Rini
parent 6e5a79de65
commit 878269dbe7

View file

@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
ext_cache_init(&cache);
if (blocksize <= 0)
return -1;
/* Adjust len so it we can't read past the end of the file. */
if (len + pos > filesize)
len = (filesize - pos);
if (blocksize <= 0 || len <= 0) {
ext_cache_fini(&cache);
return -1;
}
blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
for (i = lldiv(pos, blocksize); i < blockcnt; i++) {