Commit 513f86d7 authored Jun 13, 2018 by Theodore Ts'o

ext4: always verify the magic number in xattr blocks

If there an inode points to a block which is also some other type of
metadata block (such as a block allocation bitmap), the
buffer_verified flag can be set when it was validated as that other
metadata block type; however, it would make a really terrible external
attribute block.  The reason why we use the verified flag is to avoid
constantly reverifying the block.  However, it doesn't take much
overhead to make sure the magic number of the xattr block is correct,
and this will avoid potential crashes.

This addresses CVE-2018-10879.

https://bugzilla.kernel.org/show_bug.cgi?id=200001



Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Cc: stable@kernel.org

parent 5369a762

fs/ext4/xattr.c

+3 −3

Original line number	Original line	Diff line number	Diff line
	@@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode inode, struct buffer_head bh,
	{		{
	int error = -EFSCORRUPTED;		int error = -EFSCORRUPTED;

	if (buffer_verified(bh))
	return 0;

	if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) \|\|		if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) \|\|
	BHDR(bh)->h_blocks != cpu_to_le32(1))		BHDR(bh)->h_blocks != cpu_to_le32(1))
	goto errout;		goto errout;
			if (buffer_verified(bh))
			return 0;

	error = -EFSBADCRC;		error = -EFSBADCRC;
	if (!ext4_xattr_block_csum_verify(inode, bh))		if (!ext4_xattr_block_csum_verify(inode, bh))
	goto errout;		goto errout;

Admin message