diff mbox series

[SRU,Trusty,2/2] ext4: fix fencepost in s_first_meta_bg validation

Message ID 20180725180935.2503-3-kleber.souza@canonical.com
State New
Headers show
Series Fix for CVE-2016-10208 | expand

Commit Message

Kleber Sacilotto de Souza July 25, 2018, 6:09 p.m. UTC 
From: Theodore Ts'o <tytso@mit.edu>

It is OK for s_first_meta_bg to be equal to the number of block group
descriptor blocks.  (It rarely happens, but it shouldn't cause any
problems.)

https://bugzilla.kernel.org/show_bug.cgi?id=194567

Fixes: 3a4b77cd47bb837b8557595ec7425f281f2ca1fe
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org

CVE-2016-10208
(backported from commit 2ba3e6e8afc9b6188b471f27cf2b5e3cf34e7af2)
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
---
 fs/ext4/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index ffca676b968d..942c98b270fd 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3832,7 +3832,7 @@  static int ext4_fill_super(struct super_block *sb, void *data, int silent)
 	db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) /
 		   EXT4_DESC_PER_BLOCK(sb);
 	if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_META_BG)) {
-		if (le32_to_cpu(es->s_first_meta_bg) >= db_count) {
+		if (le32_to_cpu(es->s_first_meta_bg) > db_count) {
 			ext4_msg(sb, KERN_WARNING,
 				 "first meta block group too large: %u "
 				 "(group descriptor block count %u)",