mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-25 20:05:39 +00:00
[PATCH] isofs: more defensive checks against corrupt isofs images
Michal Zalewski <lcamtuf@dione.ids.pl> discovers range checking flaws in iso9660 filesystem. http://marc.theaimsgroup.com/?l=bugtraq&m=111110067304783&w=2 CAN-2005-0815 is assigned to this issue. Some more defensive checks to keep corrupt isofs images from corrupting memory or causing Oops. Signed-off-by: Chris Wright <chrisw@osdl.org> ===== fs/isofs/rock.c 1.23 vs edited =====
This commit is contained in:
parent
5ab3629112
commit
cc981951db
1 changed files with 4 additions and 0 deletions
|
@ -74,6 +74,10 @@
|
|||
offset1 = 0; \
|
||||
pbh = sb_bread(DEV->i_sb, block); \
|
||||
if(pbh){ \
|
||||
if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \
|
||||
brelse(pbh); \
|
||||
goto out; \
|
||||
} \
|
||||
memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \
|
||||
brelse(pbh); \
|
||||
chr = (unsigned char *) buffer; \
|
||||
|
|
Loading…
Reference in a new issue