ext4: always verify the magic number in xattr blocks

If there an inode points to a block which is also some other type of metadata block (such as a block allocation bitmap), the buffer_verified flag can be set when it was validated as that other metadata block type; however, it would make a really terrible external attribute block. The reason why we use the verified flag is to avoid constantly reverifying the block. However, it doesn't take much overhead to make sure the magic number of the xattr block is correct, and this will avoid potential crashes. This addresses CVE-2018-10879. https://bugzilla.kernel.org/show_bug.cgi?id=200001 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Cc: stable@kernel.org
author: Theodore Ts'o <tytso@mit.edu> 2018-06-13 00:51:28 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2018-06-13 00:51:28 -0400
commit: 513f86d73855ce556ea9522b6bfd79f87356dc3a (patch)
tree: 9bbb2fb100f1e49d7f04d365842c0b2670ac03d0 /fs/ext4/xattr.c
parent: 5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 230ba79715f6..0263692979ec 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh,
 {
 	int error = -EFSCORRUPTED;
 
-	if (buffer_verified(bh))
-		return 0;
-
 	if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||
 	    BHDR(bh)->h_blocks != cpu_to_le32(1))
 		goto errout;
+	if (buffer_verified(bh))
+		return 0;
+
 	error = -EFSBADCRC;
 	if (!ext4_xattr_block_csum_verify(inode, bh))
 		goto errout;
author	Theodore Ts'o <tytso@mit.edu>	2018-06-13 00:51:28 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2018-06-13 00:51:28 -0400
commit	513f86d73855ce556ea9522b6bfd79f87356dc3a (patch)
tree	9bbb2fb100f1e49d7f04d365842c0b2670ac03d0 /fs/ext4/xattr.c
parent	5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d (diff)