[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 093/117] fs/btrfs: Validate the number of stripes/pariti
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 093/117] fs/btrfs: Validate the number of stripes/parities in RAID5/6 |
Date: |
Tue, 2 Mar 2021 19:01:40 +0100 |
From: Daniel Axtens <dja@axtens.net>
This prevents a divide by zero if nstripes == nparities, and
also prevents propagation of invalid values if nstripes ends up
less than nparities.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/btrfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
index 27339bdb3..c4ba5f110 100644
--- a/grub-core/fs/btrfs.c
+++ b/grub-core/fs/btrfs.c
@@ -1083,6 +1083,9 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data,
grub_disk_addr_t addr,
* stripen is computed without the parities
* (0 for A0, A1, A2, 1 for B0, B1, B2, etc.).
*/
+ if (nparities >= nstripes)
+ return grub_error (GRUB_ERR_BAD_FS,
+ "invalid RAID5/6: nparities >= nstripes");
high = grub_divmod64 (stripe_nr, nstripes - nparities, &stripen);
/*
--
2.11.0
- [SECURITY PATCH 096/117] kern/parser: Introduce process_char() helper, (continued)
- [SECURITY PATCH 096/117] kern/parser: Introduce process_char() helper, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 097/117] kern/parser: Introduce terminate_arg() helper, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 080/117] fs/nilfs2: Don't search children if provided number is too large, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 088/117] disk/lvm: Bail on missing PV list, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 099/117] kern/buffer: Add variable sized heap buffer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 076/117] fs/jfs: Do not move to leaf level if name length is negative, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 075/117] fs/sfs: Fix over-read of root object name, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 074/117] fs/hfs: Disable under lockdown, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 094/117] fs/btrfs: Squash some uninitialized reads, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 081/117] fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 093/117] fs/btrfs: Validate the number of stripes/parities in RAID5/6,
Daniel Kiper <=
- [SECURITY PATCH 090/117] disk/lvm: Do not overread metadata, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 095/117] kern/parser: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 092/117] disk/lvm: Do not allow a LV to be it's own segment's node's LV, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 098/117] kern/parser: Refactor grub_parser_split_cmdline() cleanup, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 102/117] util/mkimage: Remove unused code to add BSS section, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 108/117] util/mkimage: Refactor section setup to use a helper, Daniel Kiper, 2021/03/02