Theodore Ts'o bc890a6024 ext4: verify the depth of extent tree in ext4_find_extent() ...

If there is a corupted file system where the claimed depth of the
extent tree is -1, this can cause a massive buffer overrun leading to
sadness.

This addresses CVE-2018-10877.

https://bugzilla.kernel.org/show_bug.cgi?id=199417

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org

2018-06-14 12:55:10 -04:00

8.1 KiB

Raw Blame History

View Raw