diff options
author | Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> | 2014-04-03 14:50:31 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-04-03 16:21:26 -0700 |
commit | 0ec060d1881a24c270fdf0d6616e33e23a209ef2 (patch) | |
tree | a4c2d5ca63ffabde64759d2c238773d7114e34b7 /fs/nilfs2/dat.c | |
parent | f9f32c44e7016c61f8c60afbe461fbc7d5a6c7cc (diff) | |
download | linux-0ec060d1881a24c270fdf0d6616e33e23a209ef2.tar.gz linux-0ec060d1881a24c270fdf0d6616e33e23a209ef2.tar.bz2 linux-0ec060d1881a24c270fdf0d6616e33e23a209ef2.zip |
nilfs2: verify metadata sizes read from disk
Add code to check sizes of on-disk data of metadata files such as inode
size, segment usage size, DAT entry size, and checkpoint size. Although
these sizes are read from disk, the current implementation doesn't check
them.
If these sizes are not sane on disk, it can cause out-of-range access to
metadata or memory access overrun on metadata block buffers due to
overflow in sundry calculations.
Both lower limit and upper limit of metadata sizes are verified to
prevent these issues.
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: Andreas Rohner <andreas.rohner@gmx.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/nilfs2/dat.c')
-rw-r--r-- | fs/nilfs2/dat.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index fa0f80308c2d..0d5fada91191 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -484,6 +484,18 @@ int nilfs_dat_read(struct super_block *sb, size_t entry_size, struct nilfs_dat_info *di; int err; + if (entry_size > sb->s_blocksize) { + printk(KERN_ERR + "NILFS: too large DAT entry size: %zu bytes.\n", + entry_size); + return -EINVAL; + } else if (entry_size < NILFS_MIN_DAT_ENTRY_SIZE) { + printk(KERN_ERR + "NILFS: too small DAT entry size: %zu bytes.\n", + entry_size); + return -EINVAL; + } + dat = nilfs_iget_locked(sb, NULL, NILFS_DAT_INO); if (unlikely(!dat)) return -ENOMEM; |