From deae5e809b524a3cca3ecf66be28058134575a02 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Wed, 8 Oct 2014 12:09:35 -0400
Subject: [PATCH] resize2fs: fix fs->blocksize dereference after fs has been
freed
Commit 77255cf36944b introduced a use after free bug.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
resize/main.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/resize/main.c b/resize/main.c
index c107028..983d8c2 100644
--- a/resize/main.c
+++ b/resize/main.c
@@ -181,6 +181,7 @@ int main (int argc, char ** argv)
ext2fs_struct_stat st_buf;
__s64 new_file_size;
unsigned int sys_page_size = 4096;
+ unsigned int blocksize;
long sysval;
int len, mount_flags;
char *mtpt;
@@ -366,7 +367,8 @@ int main (int argc, char ** argv)
* defaults and for making sure the new filesystem doesn't
* exceed the partition size.
*/
- retval = ext2fs_get_device_size2(device_name, fs->blocksize,
+ blocksize = fs->blocksize;
+ retval = ext2fs_get_device_size2(device_name, blocksize,
&max_size);
if (retval) {
com_err(program_name, retval, "%s",
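Review bot: The new `blocksize = fs->blocksize;` assignment has no comment saying why the value is copied, so a later cleanup could fold it back into `fs->blocksize`. Going by the commit message, fs is freed before some of the later uses. A comment above the assignment would record that, for example `/* Cache now: fs is freed before the final messages, so fs->blocksize must not be read later */`. The place where fs is released is outside this hunk, so check the wording against it.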
@@ -386,8 +388,8 @@ int main (int argc, char ** argv)
} else {
new_size = max_size;
/* Round down to an even multiple of a pagesize */
- if (sys_page_size > fs->blocksize)
- new_size &= ~((sys_page_size / fs->blocksize)-1);
+ if (sys_page_size > blocksize)
+ new_size &= ~((sys_page_size / blocksize)-1);
}
if (!EXT2_HAS_INCOMPAT_FEATURE(fs->super,
EXT4_FEATURE_INCOMPAT_64BIT)) {
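Review bot: The mask in `new_size &= ~((sys_page_size / blocksize)-1);` is computed in `unsigned int`, so when it is ANDed with a wider new_size it is zero-extended and clears the upper 32 bits as well as the intended low bits. new_size is printed with `%llu` elsewhere in this patch, which suggests a 64-bit block count, although its declaration is outside the hunk. If so, a device of more than 2^32 blocks would be silently rounded down to a much smaller size. Widening before the complement avoids that: `new_size &= ~((__u64)(sys_page_size / blocksize) - 1);`. The commit only swaps the operand, so the behaviour is probably older than this change, but the line is rewritten here.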
@@ -423,7 +425,7 @@ int main (int argc, char ** argv)
* automatically extend it in a sparse fashion by writing the
* last requested block.
*/
- new_file_size = ((__u64) new_size) * fs->blocksize;
+ new_file_size = ((__u64) new_size) * blocksize;
if ((__u64) new_file_size >
(((__u64) 1) << (sizeof(st_buf.st_size)*8 - 1)) - 1)
fd = -1;
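Review bot: `((__u64) new_size) * blocksize` can wrap modulo 2^64 before the range test on the following lines. A wrapped product may land below the limit and leave fd usable with a wrong new_file_size. Whether new_size is bounded earlier on this path is not visible in the hunk. If it is not, compare new_size against the same limit divided by blocksize before multiplying, and set `fd = -1;` when it is exceeded.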
@@ -437,13 +439,13 @@ int main (int argc, char ** argv)
fprintf(stderr, _("The containing partition (or device)"
" is only %llu (%dk) blocks.\nYou requested a new size"
" of %llu blocks.\n\n"), max_size,
- fs->blocksize / 1024, new_size);
+ blocksize / 1024, new_size);
exit(1);
}
if (new_size == ext2fs_blocks_count(fs->super)) {
fprintf(stderr, _("The filesystem is already %llu (%dk) "
"blocks long. Nothing to do!\n\n"), new_size,
- fs->blocksize / 1024);
+ blocksize / 1024);
exit(0);
}
if (mount_flags & EXT2_MF_MOUNTED) {
@@ -453,7 +455,7 @@ int main (int argc, char ** argv)
bigalloc_check(fs, force);
printf(_("Resizing the filesystem on "
"%s to %llu (%dk) blocks.\n"),
- device_name, new_size, fs->blocksize / 1024);
+ device_name, new_size, blocksize / 1024);
retval = resize_fs(fs, &new_size, flags,
((flags & RESIZE_PERCENT_COMPLETE) ?
resize_progress_func : 0));
@@ -470,7 +472,7 @@ int main (int argc, char ** argv)
exit(1);
}
printf(_("The filesystem on %s is now %llu (%dk) blocks long.\n\n"),
- device_name, new_size, fs->blocksize / 1024);
+ device_name, new_size, blocksize / 1024);
if ((st_buf.st_size > new_file_size) &&
(fd > 0)) {
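Review bot: fs is still a dangling pointer when this message is printed, because the patch replaces the `fs->blocksize` reads but leaves the variable pointing at the released structure. That follows from the commit message; the free itself is outside the visible hunks, presumably inside `resize_fs()`. Any `fs->` access added after the resize in future would reintroduce the use after free with no compiler diagnostic. Setting `fs = NULL;` once the resize has succeeded, with a comment that resize_fs() has consumed it, would turn such a mistake into an immediate fault instead of a read of freed memory.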
--
2.5.0