From e621657025f4d05b88b6f8bebae567a268e0b90a Mon Sep 17 00:00:00 2001
From: Paul Emge <paulemge@forallsecure.com>
Date: Tue, 14 Jan 2020 20:15:32 +0530
Subject: [PATCH] CVE-2019-13104: ext4: check for underflow in ext4fs_read_file

In ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.

Change-Id: Ia9abdb744dfff20aa1a538d38f335284e30a307b
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
Signed-off-by: Karthick Shanmugham <kartshan@codeaurora.org>
---
 fs/ext4/ext4fs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index 258b93791b..38ba8f3e56 100644
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -68,6 +68,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 	if (len > filesize)
 		len = filesize;
 
+	if (blocksize <= 0 || len <= 0)
+		return -1;
+
 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
 
 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {