linux-hardened/fs/isofs
Andrew Morton e595447e17 [PATCH] rock.c: handle corrupted directories
The bug in rock.c is that it's totally trusting of the contents of the
directories.  If the directory says there's a continuation 10000 bytes into
this 4k block then we cheerily poke around in memory we don't own and oops.

So change rock_continue() to apply various sanity checks, at least ensuring
that the offset+length remain within the bounds for the header part of a
struct rock_ridge directory entry.

Note that the kernel can still overindex the buffer due to the variable size
of the rock-ridge directory entries.  We cannot check that in rock_continue()
unless we go parse the directory entry's signature and work out its size.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-21 19:07:38 -07:00
..
compress.c [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
dir.c [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
export.c [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
inode.c [PATCH] isofs: remove debug stuff 2005-06-21 19:07:38 -07:00
isofs.h [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
joliet.c [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
namei.c [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
rock.c [PATCH] rock.c: handle corrupted directories 2005-06-21 19:07:38 -07:00
rock.h [PATCH] rock: lindent rock.h 2005-06-21 19:07:37 -07:00
util.c [PATCH] isofs includes sanitized 2005-04-25 18:32:12 -07:00
zisofs.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00