Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / e595447e177b39aa6c96baaa57b30cde2d8b9df7
commite595447e177b39aa6c96baaa57b30cde2d8b9df7[log] [tgz]
authorAndrew Morton <akpm@osdl.org>Tue Jun 21 17:16:50 2005 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>Tue Jun 21 19:07:38 2005 -0700
tree7c6c1be2e623fc3cefb1a0afcb51247293a393eb
parent9eb7f2c67c41d2cd730aedcd23e5baca09211d03 [diff]
[PATCH] rock.c: handle corrupted directories

The bug in rock.c is that it's totally trusting of the contents of the
directories.  If the directory says there's a continuation 10000 bytes into
this 4k block then we cheerily poke around in memory we don't own and oops.

So change rock_continue() to apply various sanity checks, at least ensuring
that the offset+length remain within the bounds for the header part of a
struct rock_ridge directory entry.

Note that the kernel can still overindex the buffer due to the variable size
of the rock-ridge directory entries.  We cannot check that in rock_continue()
unless we go parse the directory entry's signature and work out its size.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
1 file changed
tree: 7c6c1be2e623fc3cefb1a0afcb51247293a393eb
  1. arch/
  2. crypto/
  3. Documentation/
  4. drivers/
  5. fs/
  6. include/
  7. init/
  8. ipc/
  9. kernel/
  10. lib/
  11. mm/
  12. net/
  13. scripts/
  14. security/
  15. sound/
  16. usr/
  17. COPYING
  18. CREDITS
  19. MAINTAINERS
  20. Makefile
  21. README
  22. REPORTING-BUGS