From: Andreas Dilger <andreas.dilger@intel.com>
Date: Thu, 12 Apr 2012 21:23:47 +0000 (-0600)
Subject: e2fsck: improve in-inode xattr checks
X-Git-Tag: v1.42.13.wc3~39
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=0de7092708f09b5bfcdc10fcf74b7413e0292827;p=tools%2Fe2fsprogs.git

e2fsck: improve in-inode xattr checks

Add check for in-inode xattr to make sure that it is not referencing
an offset that is beyond the end of the inode.

Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
---

diff --git a/.gitignore b/.gitignore
index ac0fd2b..d357896 100644
--- a/.gitignore
+++ b/.gitignore
@@ -113,6 +113,7 @@ lib/ext2fs/tst_inline
 lib/ext2fs/tst_inode_size
 lib/ext2fs/tst_iscan
 lib/ext2fs/tst_libext2fs
+lib/ext2fs/tst_read_ea
 lib/ext2fs/tst_super_size
 lib/ext2fs/tst_types
 lib/quota/subdirs
diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 3bf481f..f21d317 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -320,6 +320,13 @@ static void check_ea_in_inode(e2fsck_t ctx, struct problem_context *pctx)
 			goto fix;
 		}
 
+		/* Value size cannot be larger than EA space in inode */
+		if (entry->e_value_offs > storage_size ||
+		    entry->e_value_offs + entry->e_value_size > storage_size) {
+			problem = PR_1_INODE_EA_BAD_VALUE;
+			goto fix;
+		}
+
 		hash = ext2fs_ext_attr_hash_entry(entry,
 						  start + entry->e_value_offs);
 
diff --git a/e2fsck/problem.c b/e2fsck/problem.c
index f442a33..bcef108 100644
--- a/e2fsck/problem.c
+++ b/e2fsck/problem.c
@@ -971,7 +971,6 @@ static struct e2fsck_problem problem_table[] = {
 	  N_("@i %i, end of extent exceeds allowed value\n\t(logical @b %c, physical @b %b, len %N)\n"),
 	  PROMPT_CLEAR, 0 },
 
-
 	/* Directory inode block <block> should be at block <otherblock> */
 	{ PR_1_COLLAPSE_DBLOCK,
 	  N_("@d @i %i @b %b should be at @b %c.  "),
@@ -987,6 +986,11 @@ static struct e2fsck_problem problem_table[] = {
 	  N_("@i %i logical @b %b (physical @b %c) violates cluster allocation rules.\nWill fix in pass 1B.\n"),
 	  PROMPT_NONE, 0 },
 
+	/* Bad extended attribute value in inode */
+	{ PR_1_INODE_EA_BAD_VALUE,
+	  N_("@a in @i %i is corrupt (@n value)."),
+	  PROMPT_CLEAR, 0},
+
 	/* Pass 1b errors */
 
 	/* Pass 1B: Rescan for duplicate/bad blocks */
diff --git a/e2fsck/problem.h b/e2fsck/problem.h
index 212ed35..e39513c 100644
--- a/e2fsck/problem.h
+++ b/e2fsck/problem.h
@@ -587,6 +587,9 @@ struct problem_context {
 /* Inode logical block is misaligned */
 #define PR_1_MISALIGNED_CLUSTER		0x010074
 
+/* Bad extended attribute value in inode */
+#define PR_1_INODE_EA_BAD_VALUE		0x010080
+
 /*
  * Pass 1b errors
  */