The patch titled
reiserfs: fix kernel panic on corrupted directory
has been added to the -mm tree. Its filename is
reiserfs-fix-kernel-panic-on-corrupted-directory.patch
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: reiserfs: fix kernel panic on corrupted directory
From: lepton <[EMAIL PROTECTED]>
When reading corrupted reiserfs directory data, d_reclen could be a
negative number or a big positive number, this can lead to kernel panic or
oop. The following patch adds a sanity check.
Signed-off-by: Lepton Wu <[EMAIL PROTECTED]>
Cc: Chris Mason <[EMAIL PROTECTED]>
Cc: Jeff Mahoney <[EMAIL PROTECTED]>
Cc: "Vladimir V. Saveliev" <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---
fs/reiserfs/dir.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff -puN fs/reiserfs/dir.c~reiserfs-fix-kernel-panic-on-corrupted-directory
fs/reiserfs/dir.c
--- a/fs/reiserfs/dir.c~reiserfs-fix-kernel-panic-on-corrupted-directory
+++ a/fs/reiserfs/dir.c
@@ -121,6 +121,16 @@ static int reiserfs_readdir(struct file
continue;
d_reclen = entry_length(bh, ih, entry_num);
d_name = B_I_DEH_ENTRY_FILE_NAME(bh, ih, deh);
+
+ if (d_reclen <= 0 ||
+ d_name + d_reclen > bh->b_data +
bh->b_size) {
+ /* There is corrupted data in entry,
+ * We'd better stop here */
+ pathrelse(&path_to_entry);
+ ret = -EIO;
+ goto out;
+ }
+
if (!d_name[d_reclen - 1])
d_reclen = strlen(d_name);
_
Patches currently in -mm which might be from [EMAIL PROTECTED] are
reiserfs-fix-kernel-panic-on-corrupted-directory.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
