[PATCH v2 0/2] hfs/hfsplus: fix OOB access and uninit-value in bnode operations

Tristan Madani posted 2 patches 1 month, 1 week ago
From: Tristan Madani <tristan@talencesecurity.com>

Two fixes for long-standing syzbot reports in the HFS/HFS+ B-tree node
handling code.

Changes since v1 (20260501110218.29906-{1..3}-tristmd@gmail.com):
 - Patch 1: use (u64) widening cast per Dubeyko's feedback
 - Patch 2: memset inside hfs_bnode_read() covering all callers in both
   fs/hfs/ and fs/hfsplus/, per Dubeyko's feedback
 - Dropped patch 3 (NULL deref in hfsplus_create_attributes_file):
   already fixed by Dubeyko's patch [1]

[1] https://lore.kernel.org/linux-fsdevel/6601b6ec0de087674f60566db950449c4e821bfc.camel@redhat.com/

Tristan Madani (2):
  hfs/hfsplus: fix u32 overflow in check_and_correct_requested_length
  hfs/hfsplus: zero-initialize buffer in hfs_bnode_read

 fs/hfs/bnode.c          | 4 +++-
 fs/hfsplus/bnode.c      | 2 ++
 fs/hfsplus/hfsplus_fs.h | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

-- 
2.47.3
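As an added illustration of the two defects the series addresses (not the kernel's code; the function names, node size and node contents are constructed assumptions): a length check whose u32 sum wraps beside its (u64)-widened form, and a read helper that zeroes its destination before a clamped copy so callers never see an uninitialised tail.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model added for illustration, not the kernel's code: a B-tree
 * node of NODE_SIZE bytes and a read helper; names and contents are constructed. */
#define NODE_SIZE 4096u
static uint8_t node_data[NODE_SIZE];

/* Pre-fix style check: the u32 sum can wrap, so a huge len looks small. */
static uint32_t clamp_len_wrapping(uint32_t off, uint32_t len)
{
	if (off >= NODE_SIZE)
		return 0;
	return (off + len > NODE_SIZE) ? NODE_SIZE - off : len;
}

/* Fixed-style check: widen before adding, the (u64) cast patch 1 describes. */
static uint32_t clamp_len_widened(uint32_t off, uint32_t len)
{
	if (off >= NODE_SIZE)
		return 0;
	return ((uint64_t)off + len > NODE_SIZE) ? NODE_SIZE - off : len;
}

/* Read len bytes at off into buf, clamped to the node. The destination is zeroed
 * first so a short copy leaves no uninitialised tail (patch 2). Returns bytes copied. */
static uint32_t bnode_read(uint8_t *buf, uint32_t off, uint32_t len)
{
	uint32_t n = clamp_len_widened(off, len);
	memset(buf, 0, len);
	memcpy(buf, node_data + off, n);
	return n;
}

/* Returns 1 if reading len (<= 64) bytes at off yields node bytes (0xAB)
 * up to the clamp point and zeros after it, despite stale 0x5A bytes in
 * the destination beforehand. */
static int short_read_is_clean(uint32_t off, uint32_t len)
{
	uint8_t buf[64];
	uint32_t n, i;

	if (len > sizeof(buf))
		return 0;
	memset(node_data, 0xAB, NODE_SIZE);
	memset(buf, 0x5A, sizeof(buf));
	n = bnode_read(buf, off, len);
	for (i = 0; i < len; i++)
		if (buf[i] != (i < n ? 0xAB : 0x00))
			return 0;
	return 1;
}
```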