git://git.whamcloud.com - tools/e2fsprogs.git/commit

author	Lukas Czerner <lczerner@redhat.com>
	Thu, 21 Apr 2022 17:31:48 +0000 (19:31 +0200)
committer	Theodore Ts'o <tytso@mit.edu>
	Thu, 28 Apr 2022 14:39:28 +0000 (10:39 -0400)
commit	ab51d587bb9b229b1fade1afd02e1574c1ba5c76
tree	61dfde33cca22790094a5a142c64cd8b9027eff1	tree \| snapshot
parent	8786b013bc794c7c024b7213114a5175d56ae2d3	commit \| diff

libext2fs: add sanity check to extent manipulation

It is possible to have a corrupted extent tree in such a way that a leaf
node contains zero extents in it. Currently if that happens and we try
to traverse the tree we can end up accessing wrong data, or possibly
even uninitialized memory. Make sure we don't do that.

Additionally make sure that we have a sane number of bytes passed to
memmove() in ext2fs_extent_delete().

Note that e2fsck is currently unable to spot and fix such corruption in
pass1.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Nils Bars <nils_bars@t-online.de>
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
Addresses: CVE-2022-1304
Addresses-Debian-Bug: #1010263
Signed-off-by: Theodore Ts'o <tytso@mit.edu>