Re: Bad ext3/nfs DoS bug

On Monday July 24, [email protected] wrote:
> 
> <then looks at ext2>

Yeh.... this patch is somewhat different to the others, yet similar...

I didn't bother changing ext2_get_inode at all, but just defined a
get_dentry export_op so that bad inode numbers never get to
ext2_get_inode via nfsd.

So in this case I had to test for the upper bound as well as the lower
bound.

Putting it another way,
 ext3_get_dentry reject certain inums that are known to be a problem.
 ext2_get_dentry allows only those inums that could possibly be ok.

So if you (anyone) prefer one approach over the other, making the
change so they both fs take the same approach would be trivial.

Compile tested only

NeilBrown


------------------------------------
Have ext2 reject file handles with bad inode numbers early.

This prevents bad inode numbers from triggering errors in
ext2_get_inode.


Signed-off-by: Neil Brown <[email protected]>

### Diffstat output
 ./fs/ext2/super.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff .prev/fs/ext2/super.c ./fs/ext2/super.c
--- .prev/fs/ext2/super.c	2006-07-25 12:29:10.000000000 +1000
+++ ./fs/ext2/super.c	2006-07-25 12:31:04.000000000 +1000
@@ -251,6 +251,20 @@ static struct super_operations ext2_sops
 #endif
 };
 
+static struct dentry *ext2_get_dentry(struct super_block *sb, void *vobjp)
+{
+	__u32 *objp = vobjp;
+	unsigned long ino = objp[0];
+	__u32 generation = objp[1];
+
+	if (ino != EXT2_ROOT_INO && ino < EXT2_FIRST_INO(sb))
+		return ERR_PTR(-ESTALE);
+	if (ino > le32_to_cpu(EXT2_SB(sb)->s_es->s_inodes_count))
+		return ERR_PTR(-ESTALE);
+
+	return export_iget(sb, ino, generation);
+}
+
 /* Yes, most of these are left as NULL!!
  * A NULL value implies the default, which works with ext2-like file
  * systems, but can be improved upon.
@@ -258,6 +272,7 @@ static struct super_operations ext2_sops
  */
 static struct export_operations ext2_export_ops = {
 	.get_parent = ext2_get_parent,
+	.get_dentry = ext2_get_dentry,
 };
 
 static unsigned long get_sb_block(void **data)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: Bad ext3/nfs DoS bug
    • From: Eric Sandeen <[email protected]>

• References:
  • Re: Bad ext3/nfs DoS bug
    • From: James <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Marcel Holtmann <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: James <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Marcel Holtmann <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: James <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Jan Kara <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Neil Brown <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Jan Kara <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Neil Brown <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Andrew Morton <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Theodore Tso <[email protected]>
  • Re: Bad ext3/nfs DoS bug
    • From: Andrew Morton <[email protected]>

• Prev by Date: Re: skge error; hangs w/ hardware memory hole
• Next by Date: Re: [ANNOUNCE][RFC] PlugSched-6.4 for 2.6.18-rc2
• Previous by thread: Re: Bad ext3/nfs DoS bug
• Next by thread: Re: Bad ext3/nfs DoS bug
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]