From 977ac8731bf3bd934421dd8107e77325ec7e6de7 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Sat, 21 Oct 2006 23:27:03 -0400 Subject: [PATCH] Fix potential e2fsck -n crash Don't core dump if there is a corrupt htree interior node. If the block number is larger than the number of blocks in the directory, don't write past the end of malloc'ed memory. Addresses SourceForge Bug: #1512778 Signed-off-by: "Theodore Ts'o" --- e2fsck/ChangeLog | 8 ++++++++ e2fsck/pass2.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/e2fsck/ChangeLog b/e2fsck/ChangeLog index 5f4d6e2..6b03532 100644 --- a/e2fsck/ChangeLog +++ b/e2fsck/ChangeLog @@ -1,3 +1,11 @@ +2006-10-21 Theodore Tso + + * pass2.c (parse_int_node): Don't core dump if there is a corrupt + htree interior node. If the block number is larger than + the number of blocks in the directory, don't write past + the end of malloc'ed memory. (Addresses SourceForge Bug: + #1512778) + 2006-10-02 Theodore Tso * e2fsck.conf.5.in: Minor correction to man page. diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c index a4db03f..e47e950 100644 --- a/e2fsck/pass2.c +++ b/e2fsck/pass2.c @@ -587,11 +587,12 @@ static void parse_int_node(ext2_filsys fs, #endif blk = ext2fs_le32_to_cpu(ent[i].block) & 0x0ffffff; /* Check to make sure the block is valid */ - if (blk > (blk_t) dx_dir->numblocks) { + if (blk >= (blk_t) dx_dir->numblocks) { cd->pctx.blk = blk; if (fix_problem(cd->ctx, PR_2_HTREE_BADBLK, &cd->pctx)) goto clear_and_exit; + continue; } if (hash < prev_hash && fix_problem(cd->ctx, PR_2_HTREE_HASH_ORDER, &cd->pctx)) -- 1.8.3.1
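Review bot: In the pass2.c hunk, the `>=` bound and the added `continue` are the only things stopping an on-disk `ent[i].block` value from being used as an out-of-range index when `fix_problem()` returns 0 (for example under `e2fsck -n`), yet the comment above the check still says only "Check to make sure the block is valid". I would replace it with `/* blk comes from disk and indexes a numblocks-sized array below: reject blk >= numblocks, and skip the entry if the fix is declined */` so a later edit does not drop the `continue` or relax the comparison. The array access is outside the hunk, so that wording follows the commit message ("don't write past the end of malloc'ed memory") and should be checked against the rest of parse_int_node. Two things I cannot confirm from the visible lines: that skipping the remainder of the loop body leaves no state that later iterations depend on, and that `dx_dir->numblocks` can never be negative before the `(blk_t)` cast, which would turn the bound into a very large value.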