From: Fabian Frederick <fabf@skynet.be>
To: Jan Kara <jack@suse.com>
Cc: fabf@skynet.be, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: [PATCH 12/12 linux-next] udf: check partition reference in udf_read_inode()
Date: Fri, 6 Jan 2017 21:54:43 +0100 [thread overview]
Message-ID: <1483736083-25193-3-git-send-email-fabf@skynet.be> (raw)
In-Reply-To: <1483736083-25193-1-git-send-email-fabf@skynet.be>
We were checking block number without checking partition.
sbi->s_partmaps[iloc->partitionReferenceNum] could lead to
bad memory access. See udf_nfs_get_inode() path for instance.
Signed-off-by: Fabian Frederick <fabf@skynet.be>
---
fs/udf/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 47638eb..3926973 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1276,6 +1276,12 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode)
int ret = -EIO;
reread:
+ if (iloc->partitionReferenceNum >= sbi->s_partitions) {
+ udf_debug("partition reference: %d > logical volume partitions: %d\n",
+ iloc->partitionReferenceNum, sbi->s_partitions);
+ return -EIO;
+ }
+
if (iloc->logicalBlockNum >=
sbi->s_partmaps[iloc->partitionReferenceNum].s_partition_len) {
udf_debug("block=%d, partition=%d out of range\n",
--
2.7.4
next prev parent reply other threads:[~2017-01-06 20:54 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-06 20:53 [PATCH 00/12 linux-next] udf: clean-up Fabian Frederick
2017-01-06 20:53 ` [PATCH 01/12 linux-next] udf: use __packed instead of __attribute__ ((packed)) Fabian Frederick
2017-01-10 10:29 ` Jan Kara
2017-01-06 20:53 ` [PATCH 02/12 linux-next] udf: use pointer for kernel_long_ad argument Fabian Frederick
2017-01-10 10:33 ` Jan Kara
2017-01-06 20:53 ` [PATCH 03/12 linux-next] udf: merge bh free Fabian Frederick
2017-01-10 10:36 ` Jan Kara
2017-01-06 20:53 ` [PATCH 04/12 linux-next] udf: remove unneeded line break Fabian Frederick
2017-01-10 10:37 ` Jan Kara
2017-01-06 20:53 ` [PATCH 05/12 linux-next] udf: remove empty condition Fabian Frederick
2017-01-10 10:37 ` Jan Kara
2017-01-06 20:53 ` [PATCH 06/12 linux-next] udf: add udf_ajust_time Fabian Frederick
2017-01-10 10:44 ` Jan Kara
2017-01-06 20:53 ` [PATCH 07/12 linux-next] udf: store allocation offset in udf_prealloc_extents() Fabian Frederick
2017-01-10 10:53 ` Jan Kara
2017-01-06 20:53 ` [PATCH 08/12 linux-next] udf: remove next_epos from udf_update_extent_cache() Fabian Frederick
2017-01-10 10:55 ` Jan Kara
2017-01-06 20:53 ` [PATCH 09/12 linux-next] udf: merge module informations in super.c Fabian Frederick
2017-01-10 10:55 ` Jan Kara
2017-01-06 20:54 ` [PATCH 10/12 linux-next] udf: atomically read inode size Fabian Frederick
2017-01-06 20:54 ` [PATCH 11/12 linux-next] udf: replace 0xFFFFFFFF by ~0 Fabian Frederick
2017-01-06 20:54 ` Fabian Frederick [this message]
2017-01-10 10:59 ` [PATCH 12/12 linux-next] udf: check partition reference in udf_read_inode() Jan Kara
2017-01-10 10:57 ` [PATCH 10/12 linux-next] udf: atomically read inode size Jan Kara
2017-01-10 11:00 ` [PATCH 00/12 linux-next] udf: clean-up Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1483736083-25193-3-git-send-email-fabf@skynet.be \
--to=fabf@skynet.be \
--cc=jack@suse.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).