From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Cezary Sliwa <sliwa@ifpan.edu.pl>,
Jan Kara <jack@suse.cz>,
Sasha Levin <alexander.levin@verizon.com>
Subject: [PATCH 3.18 66/69] udf: Avoid overflow when session starts at large offset
Date: Mon, 18 Dec 2017 16:48:52 +0100 [thread overview]
Message-ID: <20171218152748.816820852@linuxfoundation.org> (raw)
In-Reply-To: <20171218152735.055508271@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
[ Upstream commit abdc0eb06964fe1d2fea6dd1391b734d0590365d ]
When session starts beyond offset 2^31 the arithmetics in
udf_check_vsd() would overflow. Make sure the computation is done in
large enough type.
Reported-by: Cezary Sliwa <sliwa@ifpan.edu.pl>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/udf/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -706,7 +706,7 @@ static loff_t udf_check_vsd(struct super
else
sectorsize = sb->s_blocksize;
- sector += (sbi->s_session << sb->s_blocksize_bits);
+ sector += (((loff_t)sbi->s_session) << sb->s_blocksize_bits);
udf_debug("Starting at sector %u (%ld byte sectors)\n",
(unsigned int)(sector >> sb->s_blocksize_bits),
next prev parent reply other threads:[~2017-12-18 15:48 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-18 15:47 [PATCH 3.18 00/69] 3.18.89-stable review Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 01/69] crypto: hmac - require that the underlying hash algorithm is unkeyed Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 02/69] crypto: salsa20 - fix blkcipher_walk API usage Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 03/69] autofs: fix careless error in recent commit Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 04/69] USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 05/69] USB: core: prevent malicious bNumInterfaces overflow Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 06/69] usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 07/69] xhci: Dont add a virt_dev to the devs array before its fully allocated Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 08/69] ext4: fix crash when a directorys i_size is too small Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 09/69] Dont leak a key reference if request_key() tries to use a revoked keyring Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 10/69] KEYS: Dont permit request_key() to construct a new keyring Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 12/69] usb: phy: isp1301: Add OF device ID table Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 3.18 13/69] net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 14/69] net: bcmgenet: correct MIB access of UniMAC RUNT counters Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 15/69] net: bcmgenet: Power up the internal PHY before probing the MII Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 16/69] NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 17/69] NFSD: fix nfsd_reset_versions for NFSv4 Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 18/69] Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 19/69] net: wimax/i2400m: fix NULL-deref at probe Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 20/69] dmaengine: Fix array index out of bounds warning in __get_unmap_pool() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 21/69] net: Resend IGMP memberships upon peer notification Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 22/69] openrisc: fix issue handling 8 byte get_user calls Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 24/69] sched/deadline: Use deadline instead of period when calculating overflow Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 25/69] drm/radeon: reinstate oland workaround for sclk Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 26/69] afs: Fix missing put_page() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 27/69] afs: Populate group ID from vnode status Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 28/69] afs: Adjust mode bits processing Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 29/69] afs: Flush outstanding writes when an fd is closed Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 30/69] afs: Fix the maths in afs_fs_store_data() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 31/69] afs: Populate and use client modification time Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 32/69] afs: Fix page leak in afs_write_begin() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 33/69] afs: Fix afs_kill_pages() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 34/69] perf symbols: Fix symbols__fixup_end heuristic for corner cases Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 35/69] NFSv4.1 respect servers max size in CREATE_SESSION Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 36/69] btrfs: add missing memset while reading compressed inline extents Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 37/69] target: Use system workqueue for ALUA transitions Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 38/69] fbdev: controlfb: Add missing modes to fix out of bounds access Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 39/69] video: udlfb: Fix read EDID timeout Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 40/69] video: fbdev: au1200fb: Release some resources if a memory allocation fails Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 41/69] video: fbdev: au1200fb: Return an error code " Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 42/69] PCI/PME: Handle invalid data when reading Root Status Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 43/69] powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 44/69] powerpc/opal: Fix EBUSY bug in acquiring tokens Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 45/69] powerpc/ipic: Fix status get and status clear Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 46/69] platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 47/69] target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 48/69] iscsi-target: fix memory leak in lio_target_tiqn_addtpg() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 49/69] target:fix condition return in core_pr_dump_initiator_port() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 50/69] target/file: Do not return error for UNMAP if length is zero Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 51/69] arm-ccn: perf: Prevent module unload while PMU is in use Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 52/69] mm: Handle 0 flags in _calc_vm_trans() macro Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 54/69] ppp: Destroy the mutex when cleanup Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 56/69] GFS2: Take inode off order_write list when setting jdata flag Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 57/69] bcache: explicitly destroy mutex while exiting Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 58/69] bcache: fix wrong cache_misses statistics Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 59/69] xfs: fix log block underflow during recovery cycle verification Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 60/69] PCI: Detach driver before procfs & sysfs teardown on device remove Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 61/69] tty fix oops when rmmod 8250 Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 62/69] pinctrl: adi2: Fix Kconfig build problem Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 63/69] raid5: Set R5_Expanded on parity devices as well as data Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 64/69] scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 65/69] scsi: bfa: integer overflow in debugfs Greg Kroah-Hartman
2017-12-18 15:48 ` Greg Kroah-Hartman [this message]
2017-12-18 15:48 ` [PATCH 3.18 67/69] macvlan: Only deliver one copy of the frame to the macvlan interface Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 3.18 69/69] usb: musb: da8xx: fix babble condition handling Greg Kroah-Hartman
2017-12-18 20:25 ` [PATCH 3.18 00/69] 3.18.89-stable review Shuah Khan
2017-12-19 14:34 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171218152748.816820852@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@verizon.com \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=sliwa@ifpan.edu.pl \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).