ChangeSet 1.1485, 2005/03/25 20:51:51-03:00, [EMAIL PROTECTED] [PATCH] isofs: Some more defensive checks to keep corrupt isofs images from corrupting memory/oopsing. Michal Zalewski <[EMAIL PROTECTED]> discovers range checking flaws in iso9660 filesystem. http://marc.theaimsgroup.com/?l=bugtraq&m=111110067304783&w=2 CAN-2005-0815 is assigned to this issue. Some more defensive checks to keep corrupt isofs images from corrupting memory or causing Oops. Signed-off-by: Chris Wright <[EMAIL PROTECTED]> ===== fs/isofs/rock.c 1.23 vs edited =====
rock.c | 4 ++++ 1 files changed, 4 insertions(+) diff -Nru a/fs/isofs/rock.c b/fs/isofs/rock.c --- a/fs/isofs/rock.c 2005-03-26 13:03:00 -08:00 +++ b/fs/isofs/rock.c 2005-03-26 13:03:00 -08:00 @@ -73,6 +73,10 @@ offset1 = 0; \ pbh = sb_bread(DEV->i_sb, block); \ if(pbh){ \ + if (offset > pbh->b_size || offset + cont_size > pbh->b_size){ \ + brelse(pbh); \ + goto out; \ + } \ memcpy(buffer + offset1, pbh->b_data + offset, cont_size - offset1); \ brelse(pbh); \ chr = (unsigned char *) buffer; \ - To unsubscribe from this list: send the line "unsubscribe bk-commits-24" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html