]>
Commit | Line | Data |
---|---|---|
0f714131 GKH |
1 | From fa65653e575fbd958bdf5fb9c4a71a324e39510d Mon Sep 17 00:00:00 2001 |
2 | From: Jan Kara <jack@suse.cz> | |
3 | Date: Wed, 13 Jun 2018 12:09:22 +0200 | |
4 | Subject: udf: Detect incorrect directory size | |
5 | ||
6 | From: Jan Kara <jack@suse.cz> | |
7 | ||
8 | commit fa65653e575fbd958bdf5fb9c4a71a324e39510d upstream. | |
9 | ||
10 | Detect when a directory entry is (possibly partially) beyond directory | |
11 | size and return EIO in that case since it means the filesystem is | |
12 | corrupted. Otherwise directory operations can further corrupt the | |
13 | directory and possibly also oops the kernel. | |
14 | ||
15 | CC: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> | |
16 | CC: stable@vger.kernel.org | |
17 | Reported-and-tested-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> | |
18 | Signed-off-by: Jan Kara <jack@suse.cz> | |
19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
20 | ||
21 | --- | |
22 | fs/udf/directory.c | 3 +++ | |
23 | 1 file changed, 3 insertions(+) | |
24 | ||
25 | --- a/fs/udf/directory.c | |
26 | +++ b/fs/udf/directory.c | |
27 | @@ -151,6 +151,9 @@ struct fileIdentDesc *udf_fileident_read | |
28 | sizeof(struct fileIdentDesc)); | |
29 | } | |
30 | } | |
31 | + /* Got last entry outside of dir size - fs is corrupted! */ | |
32 | + if (*nf_pos > dir->i_size) | |
33 | + return NULL; | |
34 | return fi; | |
35 | } | |
36 |