squashfs: be more careful about metadata corruption - linux/linux-stable.git

diff options

author	Linus Torvalds <torvalds@linux-foundation.org>	2018-07-29 12:44:46 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-08-03 07:55:26 +0200
commit	1aecbe4326b1da7e4afb075c92e24ba2c52ff3e8 (patch)
tree	cbc3875ab43ae11151bd9451696385de5cc845b2 /fs/ext4/inline.c
parent	820f2bcacbdb8e537abce8cdf660ff3b2c67871c (diff)

squashfs: be more careful about metadata corruption

commit 01cfb7937a9af2abb1136c7e89fbf3fd92952956 upstream. Anatoly Trosinenko reports that a corrupted squashfs image can cause a kernel oops. It turns out that squashfs can end up being confused about negative fragment lengths. The regular squashfs_read_data() does check for negative lengths, but squashfs_read_metadata() did not, and the fragment size code just blindly trusted the on-disk value. Fix both the fragment parsing and the metadata reading code. Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Phillip Lougher <phillip@squashfs.org.uk> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'fs/ext4/inline.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: