projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 0f714131 GKH |
1 | From fa65653e575fbd958bdf5fb9c4a71a324e39510d Mon Sep 17 00:00:00 2001 |
| 2 | From: Jan Kara <jack@suse.cz> | |
| 3 | Date: Wed, 13 Jun 2018 12:09:22 +0200 | |
| 4 | Subject: udf: Detect incorrect directory size | |
| 5 | ||
| 6 | From: Jan Kara <jack@suse.cz> | |
| 7 | ||
| 8 | commit fa65653e575fbd958bdf5fb9c4a71a324e39510d upstream. | |
| 9 | ||
| 10 | Detect when a directory entry is (possibly partially) beyond directory | |
| 11 | size and return EIO in that case since it means the filesystem is | |
| 12 | corrupted. Otherwise directory operations can further corrupt the | |
| 13 | directory and possibly also oops the kernel. | |
| 14 | ||
| 15 | CC: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> | |
| 16 | CC: stable@vger.kernel.org | |
| 17 | Reported-and-tested-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> | |
| 18 | Signed-off-by: Jan Kara <jack@suse.cz> | |
| 19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 20 | ||
| 21 | --- | |
| 22 | fs/udf/directory.c | 3 +++ | |
| 23 | 1 file changed, 3 insertions(+) | |
| 24 | ||
| 25 | --- a/fs/udf/directory.c | |
| 26 | +++ b/fs/udf/directory.c | |
| 27 | @@ -151,6 +151,9 @@ struct fileIdentDesc *udf_fileident_read | |
| 28 | sizeof(struct fileIdentDesc)); | |
| 29 | } | |
| 30 | } | |
| 31 | + /* Got last entry outside of dir size - fs is corrupted! */ | |
| 32 | + if (*nf_pos > dir->i_size) | |
| 33 | + return NULL; | |
| 34 | return fi; | |
| 35 | } | |
| 36 |