www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Theodore Ts'o <tytso@mit.edu>
	Sun, 17 Jun 2018 04:41:14 +0000 (00:41 -0400)
committer	Brian Maly <brian.maly@oracle.com>
	Wed, 27 Mar 2019 18:56:06 +0000 (14:56 -0400)
commit	8313adc6c44f95f67591e8fab33a4a75bb8fc683
tree	86f5aa75a77131050abc7fec4837fd9711311102	tree
parent	a4b61b6c84fae74b327c79a6ab9b444d9b676e1a	commit \| diff

ext4: add more inode number paranoia checks

commit c37e9e013469521d9adb932d17a1795c139b36db upstream.

If there is a directory entry pointing to a system inode (such as a
journal inode), complain and declare the file system to be corrupted.

Also, if the superblock's first inode number field is too small,
refuse to mount the file system.

This addresses CVE-2018-10882.

https://bugzilla.kernel.org/show_bug.cgi?id=200069

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit ff6c96461be35381399466ad58f02b8d78ab480a)

Orabug: 29545566
CVE: CVE-2018-10882

Signed-off-by: John Donnelly <John.P.Donnelly@oracle.com>
Reviewed-by: Allen Pais <allen.pais@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Conflicts:
fs/ext4/inode.c

Signed-off-by: Brian Maly <brian.maly@oracle.com>

fs/ext4/ext4.h		diff \| blob \| history
fs/ext4/inode.c		diff \| blob \| history
fs/ext4/super.c		diff \| blob \| history