Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / a47241cdeee2689ee7089ec95cadfcf66588fbdb
commita47241cdeee2689ee7089ec95cadfcf66588fbdb[log] [tgz]
authorAlden Tondettar <alden.tondettar@gmail.com>Mon Apr 25 19:27:56 2016 -0700
committerJan Kara <jack@suse.cz>Tue Apr 26 08:25:07 2016 +0200
tree78565c734b29f102c1d1350f71aae947cda8593e
parentc26f6c61578852f679787d555e6d07804e1f5f14 [diff]
udf: Prevent stack overflow on corrupted filesystem mount

Presently, a corrupted or malicious UDF filesystem containing a very large
number (or cycle) of Logical Volume Integrity Descriptor extent
indirections may trigger a stack overflow and kernel panic in
udf_load_logicalvolint() on mount.

Replace the unnecessary recursion in udf_load_logicalvolint() with
simple iteration. Set an arbitrary limit of 1000 indirections (which would
have almost certainly overflowed the stack without this fix), and treat
such cases as if there were no LVID.

Signed-off-by: Alden Tondettar <alden.tondettar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
1 file changed
tree: 78565c734b29f102c1d1350f71aae947cda8593e
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS