NTFS: 2.0.5 release. Major buffer overflow fix in extent inode handling.

Upgrade is imperative!

NTFS: 2.0.5 release. Major buffer overflow fix in extent inode handling.
Upgrade is imperative!
e751b54b · Anton Altaparmakov · 53dca8d7 · e751b54b · e751b54b · e751b54b
Commit e751b54b authored May 02, 2002 by Anton Altaparmakov
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

fs/ntfs/ChangeLog fs/ntfs/ChangeLog +13 -1

fs/ntfs/Makefile fs/ntfs/Makefile +1 -1

fs/ntfs/mft.c fs/ntfs/mft.c +1 -1

No files found.
--- a/fs/ntfs/ChangeLog
+++ b/fs/ntfs/ChangeLog
@@ -27,6 +27,18 @@ ToDo:
 	  quite big. Modularising them a bit, e.g. a-la get_block(), will make
 	  them cleaner and make code reuse easier.

+2.0.5 - Major bugfix. Buffer overflow in extent inode handling.
+
+	- No need to set old blocksize in super.c::ntfs_fill_super() as the
+	  VFS does so via invocation of deactivate_super() calling
+	  fs->fill_super() calling block_kill_super() which does it.
+	- BKL moved from VFS into dir.c::ntfs_readdir(). (Linus Torvalds)
+	  -> Do we really need it? I don't think so as we have exclusion on
+	  the directory ntfs_inode rw_semaphore mrec_lock. We mmight have to
+	  move the ->f_pos accesses under the mrec_lock though. Check this...
+	- Fix really, really, really stupid buffer overflow in extent inode
+	  handling in mft.c::map_extent_mft_record().
+
 2.0.4 - Cleanups and updates for kernel 2.5.11.

 	- Add documentation on how to use the MD driver to be able to use NTFS
@@ -35,7 +47,7 @@ ToDo:
 	Remove all uses of kdev_t in favour of struct block_device *:
 	- Change compress.c::ntfs_file_read_compressed_block() to use
 	  sb_getblk() instead of getblk().
-	- Change super.c::ntfs_fill_suoer() to use bdev_hardsect_size() instead
+	- Change super.c::ntfs_fill_super() to use bdev_hardsect_size() instead
 	  of get_hardsect_size().
 	- No need to get old blocksize in super.c::ntfs_fill_super() as
 	  fs/super.c::get_sb_bdev() already does this.

--- a/fs/ntfs/Makefile
+++ b/fs/ntfs/Makefile
@@ -7,7 +7,7 @@ obj-y   := aops.o attrib.o compress.o debug.o dir.o file.o inode.o mft.o \

 obj-m   := $(O_TARGET)

-EXTRA_CFLAGS = -DNTFS_VERSION=\"2.0.4\"
+EXTRA_CFLAGS = -DNTFS_VERSION=\"2.0.5\"

 ifeq ($(CONFIG_NTFS_DEBUG),y)
 EXTRA_CFLAGS += -DDEBUG

--- a/fs/ntfs/mft.c
+++ b/fs/ntfs/mft.c
@@ -459,7 +459,7 @@ MFT_RECORD *map_extent_mft_record(ntfs_inode *base_ni, MFT_REF mref,
 		goto unm_err_out;
 	}
 	/* Attach extent inode to base inode, reallocating memory if needed. */
-	if (!(base_ni->nr_extents & ~3)) {
+	if (!(base_ni->nr_extents & 3)) {
 		ntfs_inode **tmp;
 		int new_size = (base_ni->nr_extents + 4) * sizeof(ntfs_inode *);