e2fsck: improve in-inode xattr checks

Add check for in-inode xattr to make sure that it is not referencing
an offset that is beyond the end of the inode.

Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>

diff --git a/.gitignore b/.gitignore
index ac0fd2b..d357896 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -113,6 +113,7 @@ lib/ext2fs/tst_inline
 lib/ext2fs/tst_inode_size
 lib/ext2fs/tst_iscan
 lib/ext2fs/tst_libext2fs
+lib/ext2fs/tst_read_ea
 lib/ext2fs/tst_super_size
 lib/ext2fs/tst_types
 lib/quota/subdirs

diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 3bf481f..f21d317 100644 (file)
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -320,6 +320,13 @@ static void check_ea_in_inode(e2fsck_t ctx, struct problem_context *pctx)
                        goto fix;
                }
 
+               /* Value size cannot be larger than EA space in inode */
+               if (entry->e_value_offs > storage_size ||
+                   entry->e_value_offs + entry->e_value_size > storage_size) {
+                       problem = PR_1_INODE_EA_BAD_VALUE;
+                       goto fix;
+               }
+
                hash = ext2fs_ext_attr_hash_entry(entry,
                                                  start + entry->e_value_offs);
 

diff --git a/e2fsck/problem.c b/e2fsck/problem.c
index f442a33..bcef108 100644 (file)
--- a/e2fsck/problem.c
+++ b/e2fsck/problem.c
@@ -971,7 +971,6 @@ static struct e2fsck_problem problem_table[] = {
          N_("@i %i, end of extent exceeds allowed value\n\t(logical @b %c, physical @b %b, len %N)\n"),
          PROMPT_CLEAR, 0 },
 
-
        /* Directory inode block <block> should be at block <otherblock> */
        { PR_1_COLLAPSE_DBLOCK,
          N_("@d @i %i @b %b should be at @b %c.  "),
@@ -987,6 +986,11 @@ static struct e2fsck_problem problem_table[] = {
          N_("@i %i logical @b %b (physical @b %c) violates cluster allocation rules.\nWill fix in pass 1B.\n"),
          PROMPT_NONE, 0 },
 
+       /* Bad extended attribute value in inode */
+       { PR_1_INODE_EA_BAD_VALUE,
+         N_("@a in @i %i is corrupt (@n value)."),
+         PROMPT_CLEAR, 0},
+
        /* Pass 1b errors */
 
        /* Pass 1B: Rescan for duplicate/bad blocks */

diff --git a/e2fsck/problem.h b/e2fsck/problem.h
index 212ed35..e39513c 100644 (file)
--- a/e2fsck/problem.h
+++ b/e2fsck/problem.h
@@ -587,6 +587,9 @@ struct problem_context {
 /* Inode logical block is misaligned */
 #define PR_1_MISALIGNED_CLUSTER                0x010074
 
+/* Bad extended attribute value in inode */
+#define PR_1_INODE_EA_BAD_VALUE                0x010080
+
 /*
  * Pass 1b errors
  */