git.ipfire.org Git - thirdparty/e2fsprogs.git/commit
libsupport: add checks to prevent buffer overrun bugs in quota code
author Theodore Ts'o <tytso@mit.edu>
Sun, 1 Sep 2019 04:59:16 +0000 (00:59 -0400)
committer Theodore Ts'o <tytso@mit.edu>
Mon, 23 Sep 2019 17:09:26 +0000 (13:09 -0400)
commit 8dbe7b475ec5e91ed767239f0e85880f416fc384
tree 77d75fb373c31abfb220bcea74e29be7b6161490
parent 16eca7ce12e8c4613cc3a9940c62b687e27da514
libsupport: add checks to prevent buffer overrun bugs in quota code

A maliciously corrupted file system can trigger buffer overruns in
the quota code used by e2fsck.  To fix this, add sanity checks to the
quota header fields as well as to block number references in the quota
tree.

Addresses: CVE-2019-5094
Addresses: TALOS-2019-0887
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
lib/support/mkquota.c
lib/support/quotaio_tree.c
lib/support/quotaio_v2.c