From: Theodore Ts'o <tytso@mit.edu>
Date: Sat, 6 Aug 2022 05:37:20 +0000 (-0400)
Subject: libext2fs: teach ext2fs_open() to reject file systems with an invalid cluster size
X-Git-Tag: v1.46.6-rc1~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a2b9ceb99c226952a96abbcfb95b2540f8b7ecd;p=thirdparty%2Fe2fsprogs.git

libext2fs: teach ext2fs_open() to reject file systems with an invalid cluster size

If the cluster size is smaller than the block size, this can result in
a negative shift, which is undefined.  When such a file system is
opened, immediately return an error indicating that the file system is
corrupted.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 5ec8ed5c1..05839ad68 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -295,8 +295,11 @@ retry:
 		}
 	}
 
-	if (fs->super->s_log_block_size >
-	    (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) {
+	if ((fs->super->s_log_block_size >
+	     (unsigned) (EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE)) ||
+	    (fs->super->s_log_cluster_size >
+	     (unsigned) (EXT2_MAX_CLUSTER_LOG_SIZE - EXT2_MIN_CLUSTER_LOG_SIZE)) ||
+	    (fs->super->s_log_block_size > fs->super->s_log_cluster_size)) {
 		retval = EXT2_ET_CORRUPT_SUPERBLOCK;
 		goto cleanup;
 	}