* Re: An out-of-bound in OCFS2
[not found] ` <CAHk-=wgrV_hb1ZuvxvhRF8=5R5SxeNUkpA7NVg2-7HcM1TKQaw@mail.gmail.com>
@ 2024-05-15 1:42 ` Joseph Qi
0 siblings, 0 replies; only message in thread
From: Joseph Qi @ 2024-05-15 1:42 UTC (permalink / raw)
To: lei lu, Linus Torvalds
Cc: security, ocfs2-devel, Mark Fasheh, Joel Becker, Ferry Meng
Thanks for reporting this issue.
I'll take a look at it.
Cc ocfs2-devel@lists.linux.dev as well.
Thanks,
Joseph
On 5/15/24 2:09 AM, Linus Torvalds wrote:
> On Tue, 14 May 2024 at 10:28, lei lu <llfamsec@gmail.com> wrote:
>>
>> I found an out-of-bound in OCFS2 file system.
>>
>> There is a lack of verification for ocfs2_xattr_entry.xe_name_offset.
>>
>> PoC:
>> 1) xh_entries.xe_name_offset: 0xffff
>> ocfs2_xattr_header.xd_count: 0xa (10)
>> ocfs2_xattr_header.xh_num_buckets: 0x0 (0)
>> ocfs2_xattr_header.xh_entries[0].xe_name_offset: 0xffff (65535)
>> ocfs2_xattr_header.xh_entries[0].xe_name_len: 0x5 (5)
>> ocfs2_xattr_header.xh_entries[0].name:
>> ocfs2_xattr_header.xh_entries[0].xe_type: 1
>>
>> KASAN report: [..]
>
> I have forwarded the original to ocfs2 people who are also cc'd here as well.
>
> Please keep everybody on the participants list for any questions or
> further info on this,
>
> Linus
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-05-15 1:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CAEBF3_bBSrQTXSPvk1C+TB4ye+tmkLCXpou6ig+34iNv4yXpSA@mail.gmail.com>
[not found] ` <CAHk-=wgrV_hb1ZuvxvhRF8=5R5SxeNUkpA7NVg2-7HcM1TKQaw@mail.gmail.com>
2024-05-15 1:42 ` An out-of-bound in OCFS2 Joseph Qi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.