udf: Verify i_size when loading inode
Verify that inode size is sane when loading inode with data stored in ICB. Otherwise we may get confused later when working with the inode and inode size is too big. CC: stable@vger.kernel.org Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no> Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
Jan Kara
parent
4e2024624e
commit
e159332b9a
1 changed files with 14 additions and 0 deletions
|
|
@ -1489,6 +1489,20 @@ reread:
|
|||
}
|
||||
inode->i_generation = iinfo->i_unique;
|
||||
|
||||
/* Sanity checks for files in ICB so that we don't get confused later */
|
||||
if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
|
||||
/*
|
||||
* For file in ICB data is stored in allocation descriptor
|
||||
* so sizes should match
|
||||
*/
|
||||
if (iinfo->i_lenAlloc != inode->i_size)
|
||||
goto out;
|
||||
/* File in ICB has to fit in there... */
|
||||
if (inode->i_size > inode->i_sb->s_blocksize -
|
||||
udf_file_entry_alloc_offset(inode))
|
||||
goto out;
|
||||
}
|
||||
|
||||
switch (fe->icbTag.fileType) {
|
||||
case ICBTAG_FILE_TYPE_DIRECTORY:
|
||||
inode->i_op = &udf_dir_inode_operations;
|
||||
|
|
|
|||
Loading…
Reference in a new issue