From: Thomas Weißschuh
Date: Sun, 22 Jan 2023 17:40:15 +0000 (+0000)
Subject: libblkid: bcachefs: limit maximum size of read superblock
X-Git-Tag: v2.39-rc1~137
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eef4dbe0cbd9fe5cbce16e04760d2e6113403cc1;p=thirdparty%2Futil-linux.git
libblkid: bcachefs: limit maximum size of read superblock
---
diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c
index b405480496..b66ed8b196 100644
--- a/libblkid/src/superblocks/bcache.c
+++ b/libblkid/src/superblocks/bcache.c
@@ -106,6 +106,8 @@ struct bcachefs_super_block {
 #define BCACHE_SB_CSUMMED_END 208
 /* granularity of offset and length fields within superblock */
 #define BCACHEFS_SECTOR_SIZE 512
+/* maximum superblock size */
+#define BCACHEFS_SB_MAX_SIZE 4096
 /* fields offset within super block */
 #define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start)
 /* tag value for members field */
@@ -258,6 +260,9 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag)
 return BLKID_PROBE_NONE;
 
 sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs);
+ if (sb_size > BCACHEFS_SB_MAX_SIZE)
+ return BLKID_PROBE_NONE;
+
 sb = blkid_probe_get_sb_buffer(pr, mag, sb_size);
 if (!sb)
 return BLKID_PROBE_NONE;
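Review bot: The comment on `BCACHEFS_SB_MAX_SIZE` gives neither the unit of 4096 nor the origin of the limit, and the neighbouring `BCACHEFS_SECTOR_SIZE` shows that this file works with both sector and byte quantities. The second hunk compares the constant with an `offsetof`-based sum, so it is in bytes; I would write `/* upper bound, in bytes, on the superblock size the prober accepts; larger on-disk values are rejected */`. If the on-disk format allows superblocks larger than this, valid filesystems would silently stop being detected, so the comment should also say whether 4096 is a format limit or a probe-side cap.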
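Review bot: The new `sb_size > BCACHEFS_SB_MAX_SIZE` test in probe_bcachefs() is a real bound only if `BCACHEFS_SB_FIELDS_OFF + BYTES(bcs)` cannot wrap before the comparison. The declaration of `sb_size` and the definition of `BYTES()` are outside this hunk; if either works in 32 bits, the computed size would no longer reflect the length stored on the device, so it is worth confirming that the length is widened to 64 bits before it is scaled. A short comment such as `/* size comes from the on-disk header and is untrusted; cap it before reading */` would also record why the early return exists. The function body starts and ends outside the hunk.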