Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

udf: Check length of extended attributes and allocation descriptors

Check length of extended attributes and allocation descriptors when
loading inodes from disk. Otherwise corrupted filesystems could confuse
the code and make the kernel oops.

Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Jan Kara 10 years ago
parent
7914495427
commit
23b133bdc4
1 changed files with 9 additions and 0 deletions
Unified View Show Diff Stats
  1. 9 0
      fs/udf/inode.c

+ 9 - 0
fs/udf/inode.c
View File 

@@ -1487,6 +1487,15 @@ reread:
 
 	}
 
 	}
 
 	inode->i_generation = iinfo->i_unique;
 
 	inode->i_generation = iinfo->i_unique;
 
 
 
+	/*
 
+	 * Sanity check length of allocation descriptors and extended attrs to
 
+	 * avoid integer overflows
 
+	 */
 
+	if (iinfo->i_lenEAttr > bs || iinfo->i_lenAlloc > bs)
 
+		goto out;
 
+	/* Now do exact checks */
 
+	if (udf_file_entry_alloc_offset(inode) + iinfo->i_lenAlloc > bs)
 
+		goto out;
 
 	/* Sanity checks for files in ICB so that we don't get confused later */
 
 	/* Sanity checks for files in ICB so that we don't get confused later */
 
 	if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
 
 	if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
 
 		/*
 
 		/*