git://git.whamcloud.com - tools/e2fsprogs.git/commit

author	Lukas Czerner <lczerner@redhat.com>
	Tue, 14 Aug 2018 14:37:53 +0000 (16:37 +0200)
committer	Theodore Ts'o <tytso@mit.edu>
	Wed, 3 Oct 2018 01:47:10 +0000 (21:47 -0400)
commit	b0ec76d623f737a32abc5ab8bb7198bf1d9939a4
tree	63cfe2fdbe93ccd7d29984bc73c6d1e939266946	tree \| snapshot
parent	feb235e0812d6c5f1fda9e8c790b5bcb78aba285	commit \| diff

libe2p: avoid segfault when s_nr_users is too high

Currently in e2fsprogs tools it's possible to access out of bounds
memory when reading list of ids sharing a journal log
(journal_superblock_t->s_users[]) in case where s_nr_users is too high.

This is because we never check whether the s_nr_users fits into the
restriction of JFS_USERS_MAX. Fix it by checking that nr_users is not
bigger than JFS_USERS_MAX and error out when possiblem.

Also add test for dumpe2fs. The rest would require involving external
journal which is not possible to test with e2fsprogs test suite at the
moment.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/e2p/ljs.c		diff \| blob \| history
lib/ext2fs/mkjournal.c		diff \| blob \| history
misc/tune2fs.c		diff \| blob \| history
tests/d_corrupt_journal_nr_users/expect	[new file with mode: 0644]	blob
tests/d_corrupt_journal_nr_users/image.gz	[new file with mode: 0644]	blob
tests/d_corrupt_journal_nr_users/name	[new file with mode: 0644]	blob
tests/d_corrupt_journal_nr_users/script	[new file with mode: 0644]	blob
tests/f_bad_local_jnl/image	[new file with mode: 0644]	blob