| From: Jan Kara <jack@suse.cz> |
| Date: Wed, 13 Jun 2018 12:09:22 +0200 |
| Subject: udf: Detect incorrect directory size |
| |
| commit fa65653e575fbd958bdf5fb9c4a71a324e39510d upstream. |
| |
| Detect when a directory entry is (possibly partially) beyond directory |
| size and return EIO in that case since it means the filesystem is |
| corrupted. Otherwise directory operations can further corrupt the |
| directory and possibly also oops the kernel. |
| |
| CC: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> |
| Reported-and-tested-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> |
| Signed-off-by: Jan Kara <jack@suse.cz> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| fs/udf/directory.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/fs/udf/directory.c |
| +++ b/fs/udf/directory.c |
| @@ -151,6 +151,9 @@ struct fileIdentDesc *udf_fileident_read |
| sizeof(struct fileIdentDesc)); |
| } |
| } |
| + /* Got last entry outside of dir size - fs is corrupted! */ |
| + if (*nf_pos > dir->i_size) |
| + return NULL; |
| return fi; |
| } |
| |