ChangeSet 1.1485, 2005/03/25 20:51:51-03:00, [EMAIL PROTECTED]
[PATCH] isofs: Some more defensive checks to keep corrupt isofs images
from corrupting memory/oopsing.
Michal Zalewski <[EMAIL PROTECTED]> discovers range checking flaws in
iso9660 filesystem.
http://marc.theaimsgroup.com/?l=bugtraq&m=111110067304783&w=2
CAN-2005-0815 is assigned to this issue.
Some more defensive checks to keep corrupt isofs images from corrupting
memory or causing Oops.
Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
===== fs/isofs/rock.c 1.23 vs edited =====
rock.c | 4 ++++
1 files changed, 4 insertions(+)
diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c
--- a/fs/isofs/rock.c 2005-03-26 13:03:00 -08:00
+++ b/fs/isofs/rock.c 2005-03-26 13:03:00 -08:00
@@ -73,6 +73,10 @@
offset1 = 0; \
pbh = sb_bread(DEV->i_sb, block); \
if(pbh){ \
+ if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \
+ brelse(pbh); \
+ goto out; \
+ } \
memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \
brelse(pbh); \
chr = (unsigned char *) buffer; \
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-24" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
