refs/tags/ASB-2019-02-05_4.4-o-release - kernel/common.git

tag	4b07d3abfe551b4503122c88c5316d6b1b24423f
tagger	Todd Kjos <tkjos@google.com>	Mon Feb 04 12:44:41 2019 -0800
object	8bc944dd1cf175a0e01bbb07d53fb0525bc5dc27

https://source.android.com/security/bulletin/2019-02-01
CVE-2018-10879
CVE-2019-2000
CVE-2019-2001

Fix for CVE-2019-1999 not publicly available yet

commit	8bc944dd1cf175a0e01bbb07d53fb0525bc5dc27	[log] [tgz]
author	Theodore Ts'o <tytso@mit.edu>	Wed Jun 13 00:23:11 2018 -0400
committer	Todd Kjos <tkjos@google.com>	Fri Feb 01 11:26:23 2019 -0800
tree	a7d1a0a985bb4ec69f56ca16366b6c9b62e298f3
parent	336610c0d0f59d73033436041dc00865283ca8f8 [diff]

ext4: add corruption check in ext4_xattr_set_entry()

commit 5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d upstream.

In theory this should have been caught earlier when the xattr list was
verified, but in case it got missed, it's simple enough to add check
to make sure we don't overrun the xattr buffer.

This addresses CVE-2018-10879.

https://bugzilla.kernel.org/show_bug.cgi?id=200001

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
[bwh: Backported to 3.16:
 - Add inode parameter to ext4_xattr_set_entry() and update callers
 - Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[adjusted for 4.4 context]
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/ext4/xattr.c[diff]

1 file changed