Fix potential e2fsck -n crash

Don't core dump if there is a corrupt htree interior node. If the block number is larger than the number of blocks in the directory, don't write past the end of malloc'ed memory. Addresses SourceForge Bug: #1512778 Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2024-12-14 12:25:51 +08:00 · 2006-10-21 23:27:03 -04:00 · 2006-10-21 23:27:03 -04:00 · 977ac8731b
commit 977ac8731b
parent e10521444d
2 changed files with 10 additions and 1 deletions
--- a/e2fsck/ChangeLog
+++ b/e2fsck/ChangeLog
@ -1,3 +1,11 @@
+2006-10-21  Theodore Tso  <tytso@mit.edu>
+
+	* pass2.c (parse_int_node): Don't core dump if there is a corrupt
+		htree interior node.  If the block number is larger than
+		the number of blocks in the directory, don't write past
+		the end of malloc'ed memory.  (Addresses SourceForge Bug:
+		#1512778)
+
 2006-10-02  Theodore Tso  <tytso@mit.edu>

 	* e2fsck.conf.5.in: Minor correction to man page.
--- a/e2fsck/pass2.c
+++ b/e2fsck/pass2.c
@ -587,11 +587,12 @@ static void parse_int_node(ext2_filsys fs,
 #endif
 		blk = ext2fs_le32_to_cpu(ent[i].block) & 0x0ffffff;
 		/* Check to make sure the block is valid */
-		if (blk > (blk_t) dx_dir->numblocks) {
+		if (blk >= (blk_t) dx_dir->numblocks) {
 			cd->pctx.blk = blk;
 			if (fix_problem(cd->ctx, PR_2_HTREE_BADBLK,
 					&cd->pctx))
 				goto clear_and_exit;
+			continue;
 		}
 		if (hash < prev_hash &&
 		    fix_problem(cd->ctx, PR_2_HTREE_HASH_ORDER, &cd->pctx))