Merge branch 'maint' into next

author: Theodore Ts'o <tytso@mit.edu> 2022-08-12 22:34:57 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2022-08-12 22:34:57 -0400
commit: d05a33bd3e255d8d279b3399eadccbcaeb3613a5 (patch)
tree: c1837ecd2fd4fa708e878c538a91ca7c85d74ed1 /e2fsck/journal.c
parent: d5aba8e5d349272eb221e2aab3775bb942f89684 (diff)
parent: 18ebcf26f478702cd09dd4229320d449469f1490 (diff)
download: e2fsprogs-d05a33bd3e255d8d279b3399eadccbcaeb3613a5.tar.gz
1 files changed, 12 insertions, 2 deletions
diff --git a/e2fsck/journal.c b/e2fsck/journal.c
index 3cd3e306..d802c5e9 100644
--- a/e2fsck/journal.c
+++ b/e2fsck/journal.c
@@ -747,9 +747,19 @@ static int ext4_fc_handle_inode(e2fsck_t ctx, __u8 *val)
 	fc_raw_inode = val + sizeof(fc_ino);
 	ino = le32_to_cpu(fc_ino);
 
-	if (EXT2_INODE_SIZE(ctx->fs->super) > EXT2_GOOD_OLD_INODE_SIZE)
-		inode_len += ext2fs_le16_to_cpu(
+	if (EXT2_INODE_SIZE(ctx->fs->super) > EXT2_GOOD_OLD_INODE_SIZE) {
+		__u16 extra_isize = ext2fs_le16_to_cpu(
 			((struct ext2_inode_large *)fc_raw_inode)->i_extra_isize);
+
+		if ((extra_isize < (sizeof(inode->i_extra_isize) +
+				    sizeof(inode->i_checksum_hi))) ||
+		    (extra_isize > (EXT2_INODE_SIZE(ctx->fs->super) -
+				    EXT2_GOOD_OLD_INODE_SIZE))) {
+			err = EFSCORRUPTED;
+			goto out;
+		}
+		inode_len += extra_isize;
+	}
 	err = ext2fs_get_mem(inode_len, &inode);
 	if (err)
 		goto out;
author	Theodore Ts'o <tytso@mit.edu>	2022-08-12 22:34:57 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2022-08-12 22:34:57 -0400
commit	d05a33bd3e255d8d279b3399eadccbcaeb3613a5 (patch)
tree	c1837ecd2fd4fa708e878c538a91ca7c85d74ed1 /e2fsck/journal.c
parent	d5aba8e5d349272eb221e2aab3775bb942f89684 (diff)
parent	18ebcf26f478702cd09dd4229320d449469f1490 (diff)
download	e2fsprogs-d05a33bd3e255d8d279b3399eadccbcaeb3613a5.tar.gz