Message ID | 1483736083-25193-3-git-send-email-fabf@skynet.be (mailing list archive) |
---|---|
State | New, archived |
On Fri 06-01-17 21:54:43, Fabian Frederick wrote: > We were checking block number without checking partition. > sbi->s_partmaps[iloc->partitionReferenceNum] could lead to > bad memory access. See udf_nfs_get_inode() path for instance. > > Signed-off-by: Fabian Frederick <fabf@skynet.be> Thanks. Applied. Honza > --- > fs/udf/inode.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/fs/udf/inode.c b/fs/udf/inode.c > index 47638eb..3926973 100644 > --- a/fs/udf/inode.c > +++ b/fs/udf/inode.c > @@ -1276,6 +1276,12 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode) > int ret = -EIO; > > reread: > + if (iloc->partitionReferenceNum >= sbi->s_partitions) { > + udf_debug("partition reference: %d > logical volume partitions: %d\n", > + iloc->partitionReferenceNum, sbi->s_partitions); > + return -EIO; > + } > + > if (iloc->logicalBlockNum >= > sbi->s_partmaps[iloc->partitionReferenceNum].s_partition_len) { > udf_debug("block=%d, partition=%d out of range\n", > -- > 2.7.4 > >
diff --git a/fs/udf/inode.c b/fs/udf/inode.c index 47638eb..3926973 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -1276,6 +1276,12 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode) int ret = -EIO; reread: + if (iloc->partitionReferenceNum >= sbi->s_partitions) { + udf_debug("partition reference: %d > logical volume partitions: %d\n", + iloc->partitionReferenceNum, sbi->s_partitions); + return -EIO; + } + if (iloc->logicalBlockNum >= sbi->s_partmaps[iloc->partitionReferenceNum].s_partition_len) { udf_debug("block=%d, partition=%d out of range\n",
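Review bot: the message in the added udf_debug() call does not match the condition it reports. The guard is `iloc->partitionReferenceNum >= sbi->s_partitions`, but the text prints "partition reference: %d > logical volume partitions: %d", so when the two values are equal the log line states something false (for example "2 > 2") even though the reference is correctly rejected. Suggest wording that matches the test, along the lines of "partition reference %d out of range (partitions: %d)", which also mirrors the "out of range" phrasing of the existing block-number message just below it.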
We were checking block number without checking partition.
sbi->s_partmaps[iloc->partitionReferenceNum] could lead to
bad memory access. See udf_nfs_get_inode() path for instance.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
---
 fs/udf/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)