]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 91a484f)
libblkid: befs - avoid undefined shift
authorMilan Broz <gmazyland@gmail.com>
Mon, 23 Jan 2023 12:46:31 +0000 (13:46 +0100)
committerMilan Broz <gmazyland@gmail.com>
Mon, 23 Jan 2023 12:51:43 +0000 (13:51 +0100)
BEFS does not check maximal value for ag_shift leading
to undefined behavior. Avoid this by limiting shift size.

Reproducer found with OSS-Fuzz (issue 55285) running over
cryptsetup project (blkid is used in header init).

Signed-off-by: Milan Broz <gmazyland@gmail.com>
libblkid/src/superblocks/befs.c patch | blob | blame | history

diff --git a/libblkid/src/superblocks/befs.c b/libblkid/src/superblocks/befs.c
index 8de697ddc0031e89d5d93e531120a7c7623097f4..5112d44f49aa07ae0229a88dfd525fe211f7fb67 100644 (file)
--- a/libblkid/src/superblocks/befs.c
+++ b/libblkid/src/superblocks/befs.c
@@ -502,6 +502,9 @@ static int probe_befs(blkid_probe pr, const struct blkid_idmag *mag)
            block_size != 1U << block_shift)
                return BLKID_PROBE_NONE;
 
+       if (FS32_TO_CPU(bs->ag_shift, fs_le) > 64)
+               return BLKID_PROBE_NONE;
+
        ret = get_uuid(pr, bs, &volume_id, fs_le);
 
        if (ret != 0)
Unnamed repository; edit this file 'description' to name the repository.