ChangeSet 1.1982.161.33, 2005/03/25 17:45:24-08:00, [EMAIL PROTECTED]

        [PATCH] isofs: more "corrupted iso image" error cases
        
        Michal Zalewski <[EMAIL PROTECTED]> discovered range-checking flaws in
        the iso9660 filesystem.
        
        http://marc.theaimsgroup.com/?l=bugtraq&m=111110067304783&w=2
        
        CAN-2005-0815 is assigned to this issue.
        
        From: Linus Torvalds <[EMAIL PROTECTED]>
        
        isofs: more "corrupted iso image" error cases
        
        Thanks to Michal Zalewski for testing.
        
        Signed-off-by: Chris Wright <[EMAIL PROTECTED]>



 inode.c |    5 +++++
 1 files changed, 5 insertions(+)


diff -Nru a/fs/isofs/inode.c b/fs/isofs/inode.c
--- a/fs/isofs/inode.c  2005-03-26 11:29:20 -08:00
+++ b/fs/isofs/inode.c  2005-03-26 11:29:20 -08:00
@@ -685,6 +685,8 @@
          sbi->s_log_zone_size = isonum_723 (h_pri->logical_block_size);
          sbi->s_max_size = isonum_733(h_pri->volume_space_size);
        } else {
+         if (!pri)
+           goto out_freebh;
          rootp = (struct iso_directory_record *) pri->root_directory_record;
          sbi->s_nzones = isonum_733 (pri->volume_space_size);
          sbi->s_log_zone_size = isonum_723 (pri->logical_block_size);
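Review bot: The added `if (!pri) goto out_freebh;` guard rejects the image without explaining why, and nothing in the hunk shows how `pri` can still be NULL in this else branch. A one-line comment above the check, for example `/* no primary volume descriptor found: treat as corrupted image */`, would record the reasoning, assuming that is the case the guard covers. If the other error exits of this function log a message, a `printk(KERN_WARNING ...)` on this path would make a rejected image diagnosable rather than a silent mount failure. The `out_freebh` label and the rest of the function lie outside the hunk, so the cleanup done on this exit could not be checked here.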
@@ -1394,6 +1396,9 @@
        unsigned long hashval;
        struct inode *inode;
        struct isofs_iget5_callback_data data;
+
+       if (offset >= 1ul << sb->s_blocksize_bits)
+               return NULL;
 
        data.block = block;
        data.offset = offset;
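Review bot: The bound in `if (offset >= 1ul << sb->s_blocksize_bits)` is correct only because `<<` binds tighter than `>=`, which is easy to misread. Writing it as `if (offset >= (1ul << sb->s_blocksize_bits))` states the intent directly. A comment such as `/* offset must fall inside one logical block; anything larger comes from a corrupted image */` would also say why NULL is returned before any lookup is attempted. The function signature and its callers are outside the hunk, so it is worth confirming that every caller treats a NULL return as an error instead of dereferencing it.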