[lvc-project] [PATCH 1/1] udf: Fix null-ptr-deref in udf_write_fi()
Jan Kara
jack at suse.cz
Mon Jan 9 12:44:56 MSK 2023
On Sat 07-01-23 22:50:16, Fedor Pchelkin wrote:
> udf_find_entry() can return NULL or an error pointer if it fails. So we
> should check its return value to avoid NULL pointer dereferencing in
> udf_write_fi() (which is called from udf_delete_entry()). Also, if
> udf_find_entry() returns an error pointer, it is possible that ofibh and
> ocfi structs hold invalid values which can cause additional problems in
> udf_write_fi().
>
> If udf_find_entry() returns an error pointer, udf_rename() should return
> with an error code. If udf_find_entry() returns NULL, ofi has probably
> already been deleted.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
>
> Fixes: 231473f6ddce ("udf: Return error from udf_find_entry()")
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: syzbot+8a5a459f324d510ea15a at syzkaller.appspotmail.com
> Signed-off-by: Fedor Pchelkin <pchelkin at ispras.ru>
> Signed-off-by: Alexey Khoroshilov <khoroshilov at ispras.ru>

Thanks for the patch, but I have already queued in my tree [1] a rewrite of
the UDF directory handling code that addresses multiple issues syzbot found in
directory handling and, as far as I'm looking into the new code, this one
should be fixed as well.

[1] git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs.git for_next

Honza
--
Jan Kara <jack at suse.com>
SUSE Labs, CR
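
A userspace C model of the three-way return contract the quoted commit message describes (valid pointer, NULL, error pointer), added here as an illustration; it is not the patch, the queued rewrite, or kernel code. `struct entry`, `find_entry_model`, `delete_old_entry_model` and the choice to treat NULL as "nothing left to delete" are assumptions; the ERR_PTR helpers mimic the kernel's error-pointer convention.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace copy of the kernel's error-pointer convention: the top
 * MAX_ERRNO addresses encode a negative errno instead of an object. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct entry { int deleted; };           /* hypothetical directory entry */
enum lookup { FOUND, MISSING, IO_FAIL }; /* constructed test scenarios */

/* Hypothetical lookup: entry pointer, NULL (not found) or ERR_PTR(-errno). */
static struct entry *find_entry_model(struct entry *slot, enum lookup how)
{
	if (how == IO_FAIL)
		return ERR_PTR(-EIO);
	return how == MISSING ? NULL : slot;
}

/* Caller: both failure shapes must be handled before the dereference. */
static int delete_old_entry_model(struct entry *slot, enum lookup how)
{
	struct entry *e = find_entry_model(slot, how);

	if (IS_ERR(e))          /* IS_ERR(NULL) is false, so this alone is not enough */
		return (int)PTR_ERR(e);
	if (!e)                 /* assumption: entry already gone, nothing to delete */
		return 0;
	e->deleted = 1;         /* safe: e is a real object here */
	return 0;
}

int main(void)
{
	struct entry s = { 0 };
	int rc;

	printf("io error -> %d\n", delete_old_entry_model(&s, IO_FAIL));
	printf("missing  -> %d\n", delete_old_entry_model(&s, MISSING));
	rc = delete_old_entry_model(&s, FOUND);
	printf("found    -> %d, deleted=%d\n", rc, s.deleted);
	return 0;
}
```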