Received: by 2002:a05:7412:8521:b0:e2:908c:2ebd with SMTP id t33csp460833rdf; Fri, 3 Nov 2023 06:04:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG5KxAiq0d0m1SjNVyEXcMsyG9R9gwDbaQ0vR3ATmbnGyZSnkbhgHSQWiMMCtBOSZhATZt/ X-Received: by 2002:a05:6870:ebcf:b0:1e9:ae68:fda3 with SMTP id cr15-20020a056870ebcf00b001e9ae68fda3mr23461701oab.12.1699016683116; Fri, 03 Nov 2023 06:04:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1699016683; cv=none; d=google.com; s=arc-20160816; b=GDXbZs3WWEGpm3tsLmys2HyB8AzhO8XNBbahRrePqQ549yWKYrR6vLjN/oor+i5Juw XJqYSbu4T94Uid/0q+DJLYBv3JZ5Ggf3Ci2WJXm1eR7rYynqP6N2xeD1kwnStNavEd65 NrmG23d7kH05nqN+HX+upTPP8b8xFHm9QBrh4f0HnVXUWMBvWSYsJrndV/pIqDDYh3d5 kJ5I+QBJhi75UE1fSlZpLC/+N90QUp+pRxcXa+nBLS83KhKI3+cPo8DpfRo+r62rc7g+ hqdAy8BAw2c0jVrgcZhKSjiGQvTKPzL2b2KPA/Eh2BAdUQua8ik/XxOHvGqDkzXMAm31 MQCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:feedback-id:dkim-signature :dkim-signature; bh=7V/ZlNKaTUskIGK6nMw36B9soacEoSk1nBJTzZo/h7A=; fh=R0XCbdHYgaA3mlCqPVW9xz+6yRxmnK7bfKAo8Ci8rUI=; b=n8Z0kQWZOa/skhJEcP/OYVMNEJPOvxMl58v5EObwe+jXYNxBzM7bxoMy9CSoT65MO7 frcDtROIZEuglV1lpKVrJBTBIjwIECS1EkGceY6WHuR3ODAs0bvbHRORwfCm3eNZkEe1 aOx1n+ouEd1fQwhsC3Jypoo6L3l3nZ/kDvyH6Chg4AkJCjG7XBFSsyP7GCApaXHzFzuU oKab8mA9vURi0RkYPCoLOFyVSp2ejSlls529tEboVLDx8WdxHeYNnV2t3cfsJbJZYSA1 CNrQ6idH9tG0VHrmroG6TTp/YBqMcmmNbpK8pyQ0h2+I33PXTufjEHAgJ8n60vfYEvu/ wv8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@jcline.org header.s=fm3 header.b=DFubZ7us; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=VusiPKup; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id ns17-20020a056870ac9100b001efb19030a1si683095oab.191.2023.11.03.06.04.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Nov 2023 06:04:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@jcline.org header.s=fm3 header.b=DFubZ7us; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=VusiPKup; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 8C1D2835451E; Fri, 3 Nov 2023 06:04:31 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376678AbjKCNEU (ORCPT + 99 others); Fri, 3 Nov 2023 09:04:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1376671AbjKCNET (ORCPT ); Fri, 3 Nov 2023 09:04:19 -0400 Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2AA511A8; Fri, 3 Nov 2023 06:04:13 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 91C455C0263; Fri, 3 Nov 2023 09:04:10 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Fri, 03 Nov 2023 09:04:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jcline.org; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to; s=fm3; t=1699016650; x=1699103050; bh=7V/ZlNKaTU skIGK6nMw36B9soacEoSk1nBJTzZo/h7A=; b=DFubZ7uslAHrPRf4Gam4dx6Mp7 KC7SRt1xFsVkov2P32eLdvxV2qGfTVZqxbsPY1DRqFbY+mvk6jKZ7MHYr8MRc47Y pIilV4qP2e4ridQkaP6fZ4AAUPF6sYUU7W2PfC9HR9M+nLLHquFX8Mbq0l4g28PJ Lh4+YCrM4ccTt1jiCi+8MvuLG+CpOSQqTwj20kkBagx7wz/ZiZhbtXYddg8zX4Rx LJJb6AHmBM83pxdynltenTEjVh3KUQRyO+FQ8i4cYTgkojb+5ELniPCPZbDY+z8Z +WQad9yXqWTIuWWH+iAD3gSg2Y8+1RfpPUWChv6q7Scf9Vo3s3YIMlGsdIlg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1699016650; x=1699103050; bh=7V/ZlNKaTUskI GK6nMw36B9soacEoSk1nBJTzZo/h7A=; b=VusiPKup15XHpVJnrC0BKjU8xmBtY Nfjwhrb2scb+53HL7zJb7YvikPgyBHqRr6N590d7POPJgmHUMvoU8NyHcalQ3bfQ F+OXunsmJPUMYdOxqsc+UW6D6Dc8zIUbw+1HnFh4d5K77GRapbVDavmiv3lYDiMB D+vjGql+ClRQyI9xcSXi08wWNrq5U7J/dOT2j9qp1L2vdcGi0dp++jcEaYyC6yCC gzDZGvqFI9ajaIQNsCndNYwkaTLiBx8WjyqYfnIvIYfyt9yTQHna13UsLbxn0P6t OOUYSDy3bGes30pOd1lq6Rr3Oc5euAPkLDUj8p5B26O5r5nCC2aFhkePQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedruddtkedggeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffoggfgsedtkeertd ertddtnecuhfhrohhmpeflvghrvghmhicuvehlihhnvgcuoehjvghrvghmhiesjhgtlhhi nhgvrdhorhhgqeenucggtffrrghtthgvrhhnpeevleevfeehuefhhfeiudevgfdufeeivd efudetjeelffelgffgkedvuefhgfetveenucffohhmrghinhepshihiihkrghllhgvrhdr rghpphhsphhothdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmh grihhlfhhrohhmpehjvghrvghmhiesjhgtlhhinhgvrdhorhhg X-ME-Proxy: Feedback-ID: i7a7146c5:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 3 Nov 2023 09:04:09 -0400 (EDT) From: Jeremy Cline To: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Jeremy Cline , syzbot+5ce571007a695806e949@syzkaller.appspotmail.com Subject: [PATCH] hfs: check return value before accessing fd in hfs_brec_find() Date: Fri, 3 Nov 2023 09:03:59 -0400 Message-ID: <20231103130359.882002-1-jeremy@jcline.org> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 03 Nov 2023 06:04:31 -0700 (PDT) In the event that hfs_brec_keylen() fails, an error is returned to the caller of __hfs_brec_find() and the struct hfs_find_data is not initialized. The result needs to be checked before attempting to read any fields from fd. Reported-by: syzbot+5ce571007a695806e949@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5ce571007a695806e949 Signed-off-by: Jeremy Cline --- fs/hfs/bfind.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/hfs/bfind.c b/fs/hfs/bfind.c index ef9498a6e88a..f225c78a9e66 100644 --- a/fs/hfs/bfind.c +++ b/fs/hfs/bfind.c @@ -136,6 +136,8 @@ int hfs_brec_find(struct hfs_find_data *fd) bnode->parent = parent; res = __hfs_brec_find(bnode, fd); + if (res < 0) + goto release; if (!height) break; if (fd->record < 0) -- 2.41.0