On Wed, Nov 27, 2019 at 02:44:15PM -0500, Theodore Y. Ts'o wrote:
On Wed, Nov 27, 2019 at 02:12:58PM +0100, Jan Kara wrote:
Function ext4_empty_dir() doesn't correctly handle directories with holes and crashes on bh->b_data dereference when bh is NULL....
Hi Jan,
Thanks for the patch.
However, it looks like we're still vulnerable to the first block of the directory being NULL?
@@ -2833,19 +2833,25 @@ bool ext4_empty_dir(struct inode *inode) return true; de = (struct ext4_dir_entry_2 *) bh->b_data;
^^^^^^^^^^^
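Review bot: the `bh->b_data` dereference in the last context line of this hunk has no NULL or IS_ERR() check on `bh` anywhere in the quoted fragment, so a reader of the hunk alone cannot tell whether a hole in the first directory block is handled. If the call that produces `bh` is what guarantees a valid pointer at this point, a one-line comment above the cast naming that guarantee would make the invariant visible where it is relied on.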
Ah, never mind. Since we're calling ext4_read_dirblock() with DIRENT_HTREE, if bh is NULL, it will get caught earlier, and ext4_read_dirblock() will return ERR_PTR(-EFSCORRUPTED).
- Ted
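The guarantee discussed in this thread, as a small user-space C model added here (it is not kernel code and not part of Jan's patch): a reader that turns a missing block into an error pointer for `DIRENT_HTREE` callers, so the first block is never dereferenced through NULL, while holes in later blocks are skipped. `ANY_BLOCK`, `struct buf`, `read_dirblock`, `dir_is_empty`, the `demo_*` helpers and the numeric errno value are assumptions of the model.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <stddef.h>
#include <stdint.h>

#define EFSCORRUPTED 117   /* stand-in value for this model */
#define MAX_ERRNO    4095

/* Same idea as the kernel's ERR_PTR()/IS_ERR()/PTR_ERR() helpers. */
static void *err_ptr(long e)        { return (void *)(intptr_t)e; }
static int   is_err(const void *p)  { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static long  ptr_err(const void *p) { return (long)(intptr_t)p; }

enum blk_type { DIRENT_HTREE, ANY_BLOCK };          /* ANY_BLOCK is a hypothetical name */
struct buf { const uint32_t *inodes; size_t n; };   /* inode 0 = unused entry */

/* Model reader: a NULL slot is a hole. DIRENT_HTREE callers never see NULL. */
static struct buf *read_dirblock(struct buf **blk, size_t i, enum blk_type t)
{
    if (!blk[i] && t == DIRENT_HTREE)
        return err_ptr(-EFSCORRUPTED);
    return blk[i];   /* may be NULL for ANY_BLOCK: caller must skip it */
}

/* 1 = empty, 0 = not empty, negative = error. */
int dir_is_empty(struct buf **blk, size_t nblk)
{
    struct buf *bh = read_dirblock(blk, 0, DIRENT_HTREE);
    if (is_err(bh))
        return (int)ptr_err(bh);          /* hole in block 0: never dereferenced */
    for (size_t j = 2; j < bh->n; j++)    /* slots 0 and 1 model "." and ".." */
        if (bh->inodes[j]) return 0;
    for (size_t i = 1; i < nblk; i++) {
        bh = read_dirblock(blk, i, ANY_BLOCK);
        if (!bh) continue;                /* hole in a later block: skip it */
        for (size_t j = 0; j < bh->n; j++)
            if (bh->inodes[j]) return 0;
    }
    return 1;
}

/* Constructed sample directories. */
static const uint32_t dots[] = { 2, 2 }, file[] = { 0, 12 }, unused[] = { 0, 0 };
static struct buf b_dots = { dots, 2 }, b_file = { file, 2 }, b_unused = { unused, 2 };

int demo_hole_first(void)       { struct buf *d[] = { NULL, &b_file };            return dir_is_empty(d, 2); }
int demo_hole_middle(void)      { struct buf *d[] = { &b_dots, NULL, &b_unused }; return dir_is_empty(d, 3); }
int demo_entry_after_hole(void) { struct buf *d[] = { &b_dots, NULL, &b_file };   return dir_is_empty(d, 3); }
```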