| From 0f782a00bc446007bdb6ddf2e535f285cfa4b31a Mon Sep 17 00:00:00 2001 |
| From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> |
| Date: Thu, 4 Jun 2020 16:50:56 -0700 |
| Subject: [PATCH] fat: don't allow to mount if the FAT length == 0 |
| |
| commit b1b65750b8db67834482f758fc385bfa7560d228 upstream. |
| |
| If FAT length == 0, the image doesn't have any data. And it can be the |
| cause of overlapping the root dir and FAT entries. |
| |
| Also Windows treats it as invalid format. |
| |
| Reported-by: syzbot+6f1624f937d9d6911e2d@syzkaller.appspotmail.com |
| Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Cc: Marco Elver <elver@google.com> |
| Cc: Dmitry Vyukov <dvyukov@google.com> |
| Link: http://lkml.kernel.org/r/87r1wz8mrd.fsf@mail.parknet.co.jp |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/fs/fat/inode.c b/fs/fat/inode.c |
| index c3de5c0c7e7b..45b4aa8878c3 100644 |
| --- a/fs/fat/inode.c |
| +++ b/fs/fat/inode.c |
| @@ -1514,6 +1514,12 @@ static int fat_read_bpb(struct super_block *sb, struct fat_boot_sector *b, |
| goto out; |
| } |
| |
| + if (bpb->fat_fat_length == 0 && bpb->fat32_length == 0) { |
| + if (!silent) |
| + fat_msg(sb, KERN_ERR, "bogus number of FAT sectors"); |
| + goto out; |
| + } |
| + |
| error = 0; |
| |
| out: |
| -- |
| 2.27.0 |
| |