diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-07-29 12:44:46 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-07-29 12:44:46 -0700 |
commit | 01cfb7937a9af2abb1136c7e89fbf3fd92952956 (patch) | |
tree | 2b01fbc7eb315150d5a0ed71a218e4008801138b /fs/userfaultfd.c | |
parent | a26fb01c2879ed7026e6cbd78bb701912d249eef (diff) | |
download | linux-stable-01cfb7937a9af2abb1136c7e89fbf3fd92952956.tar.gz linux-stable-01cfb7937a9af2abb1136c7e89fbf3fd92952956.tar.bz2 linux-stable-01cfb7937a9af2abb1136c7e89fbf3fd92952956.zip |
squashfs: be more careful about metadata corruption
Anatoly Trosinenko reports that a corrupted squashfs image can cause a
kernel oops. It turns out that squashfs can end up being confused about
negative fragment lengths.
The regular squashfs_read_data() does check for negative lengths, but
squashfs_read_metadata() did not, and the fragment size code just
blindly trusted the on-disk value. Fix both the fragment parsing and
the metadata reading code.
Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/userfaultfd.c')
0 files changed, 0 insertions, 0 deletions