From 5b060d5b7f0d76ee5c8626d34747cf605dd81e13 Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Fri, 24 Nov 2017 02:02:38 +0100 Subject: [PATCH] metaentry.c: Fix underallocation for xattr_lvalues. Wrong type has been used for calculating size of requested memory. Underallocation happened in mentries_fromfile() code path if sizeof(ssize_t) > sizeof(int), which is true on 64-bit platforms. Reading metadata file with extended attributes entries led to corruption of metadata represented in memory on such platforms, so applying could led to corruption of metadata on disk too. Reported-by: Uros Juvan --- NEWS | 11 ++++++++++- src/metaentry.c | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index e48f766..cd0ff4e 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,13 @@ -v1.1.0 2016-02-01 +Latest stuff +------------------------------------------------------------------------ + + * BUGFIX: Reading metadata file with extended attributes entries led + to corruption of metadata represented in memory on 64-bit + platforms, so applying could led to corruption of metadata + on disk too. Bug discovered thanks to Uros Juvan. + + +v1.1.0 (2016-02-01) ------------------------------------------------------------------------ * BUGFIX: Applying metadata with extended attribute having null byte diff --git a/src/metaentry.c b/src/metaentry.c index 2f850fd..2e2d7a4 100644 --- a/src/metaentry.c +++ b/src/metaentry.c @@ -500,7 +500,7 @@ mentries_fromfile(struct metahash **mhash, const char *path) } mentry->xattr_names = xmalloc(mentry->xattrs * sizeof(char *)); - mentry->xattr_lvalues = xmalloc(mentry->xattrs * sizeof(int)); + mentry->xattr_lvalues = xmalloc(mentry->xattrs * sizeof(ssize_t)); mentry->xattr_values = xmalloc(mentry->xattrs * sizeof(char *)); for (i = 0; i < mentry->xattrs; i++) { -- 2.11.4.GIT