Skip to content

Commit

Permalink
udf: Detect incorrect directory size
Browse files Browse the repository at this point in the history 
Detect when a directory entry is (possibly partially) beyond directory
size and return EIO in that case since it means the filesystem is
corrupted. Otherwise directory operations can further corrupt the
directory and possibly also oops the kernel.

CC: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
CC: stable@vger.kernel.org
Reported-and-tested-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
  • Loading branch information
@jankara
jankara committed Jun 20, 2018
1 parent 27e6ed5 commit fa65653
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions fs/udf/directory.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,9 @@ struct fileIdentDesc *udf_fileident_read(struct inode *dir, loff_t *nf_pos,
sizeof(struct fileIdentDesc));
}
}
/* Got last entry outside of dir size - fs is corrupted! */
if (*nf_pos > dir->i_size)
return NULL;
return fi;
}

Expand Down

0 comments on commit fa65653

Please sign in to comment.