Eric Biggers 39049b69ec fsverity: explicitly check for buffer overflow in build_merkle_tree() ... The new Merkle tree construction algorithm is a bit fragile in that it may overflow the 'root_hash' array if the tree actually generated does not match the calculated tree parameters. This should never happen unless there is a filesystem bug that allows the file size to change despite deny_write_access(), or a bug in the Merkle tree logic itself. Regardless, it's fairly easy to check for buffer overflow here, so let's do so. This is a robustness improvement only; this case is not currently known to be reachable. I've added a Fixes tag anyway, since I recommend that this be included in kernels that have the mentioned commit. Fixes: 56124d6c87 ("fsverity: support enabling with tree block size < PAGE_SIZE") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230328041505.110162-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>		2023-04-11 19:23:23 -07:00
..
enable.c	fsverity: explicitly check for buffer overflow in build_merkle_tree()	2023-04-11 19:23:23 -07:00
fsverity_private.h	fsverity: support verification with tree block size < PAGE_SIZE	2023-01-09 19:06:03 -08:00
hash_algs.c	fsverity: use WARN_ON_ONCE instead of WARN_ON	2023-04-11 19:23:15 -07:00
init.c	fsverity: remove debug messages and CONFIG_FS_VERITY_DEBUG	2023-01-01 15:46:48 -08:00
Kconfig	fsverity: remove debug messages and CONFIG_FS_VERITY_DEBUG	2023-01-01 15:46:48 -08:00
Makefile	fs-verity: add FS_IOC_READ_VERITY_METADATA ioctl	2021-02-07 14:51:11 -08:00
measure.c	fsverity: simplify fsverity_get_digest()	2022-11-29 21:07:41 -08:00
open.c	fsverity: use WARN_ON_ONCE instead of WARN_ON	2023-04-11 19:23:15 -07:00
read_metadata.c	fs-verity: use kmap_local_page() instead of kmap()	2022-08-19 15:19:55 -07:00
signature.c	fs-verity: simplify sysctls with register_sysctl()	2023-03-27 21:17:02 -07:00
verify.c	fsverity: Remove WQ_UNBOUND from fsverity read workqueue	2023-03-14 16:16:36 -07:00