fs/jfs: Catch infinite recursion

author Daniel Axtens <dja@axtens.net>

Mon, 18 Jan 2021 04:47:24 +0000 (15:47 +1100)

committer Daniel Kiper <daniel.kiper@oracle.com>

Tue, 2 Mar 2021 14:54:18 +0000 (15:54 +0100)
author Daniel Axtens <dja@axtens.net>
Mon, 18 Jan 2021 04:47:24 +0000 (15:47 +1100)
committer Daniel Kiper <daniel.kiper@oracle.com>
Tue, 2 Mar 2021 14:54:18 +0000 (15:54 +0100)
diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c

index 804c42d31ef0ba9dad93fa4e9e0023ece1e6123a..6f7c4390498b4e1b94893d24eea7cc7f34a188ef 100644 (file)
--- a/grub-core/fs/jfs.c
+++ b/grub-core/fs/jfs.c
@@ -304,7 +304,16 @@ getblk (struct grub_jfs_treehead *treehead,
                            << (grub_le_to_cpu16 (data->sblock.log2_blksz)
                                - GRUB_DISK_SECTOR_BITS), 0,
                            sizeof (*tree), (char *) tree))
-       ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk);
+       {
+         if (grub_memcmp (&tree->treehead, treehead, sizeof (struct grub_jfs_treehead)) ||
+             grub_memcmp (&tree->extents, extents, 254 * sizeof (struct grub_jfs_tree_extent)))
+           ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk);
+         else
+           {
+             grub_error (GRUB_ERR_BAD_FS, "jfs: infinite recursion detected");
+             ret = -1;
+           }
+       }
        grub_free (tree);
        return ret;
      }
author	Daniel Axtens <dja@axtens.net>
	Mon, 18 Jan 2021 04:47:24 +0000 (15:47 +1100)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 2 Mar 2021 14:54:18 +0000 (15:54 +0100)