From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Message-ID: <50EEF453.9040106@windriver.com>
Date: Thu, 10 Jan 2013 12:03:15 -0500
From: Paul Gortmaker
MIME-Version: 1.0
To: Ben Hutchings
CC: , , Jan Kara
Subject: Re: [v2.6.34-stable 60/77] udf: Avoid run away loop when partition table length is corrupted
References: <1357688156-25387-1-git-send-email-paul.gortmaker@windriver.com> <1357688156-25387-61-git-send-email-paul.gortmaker@windriver.com> <1357829004.4514.1.camel@deadeye.wl.decadent.org.uk>
In-Reply-To: <1357829004.4514.1.camel@deadeye.wl.decadent.org.uk>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:

On 13-01-10 09:43 AM, Ben Hutchings wrote:
> On Tue, 2013-01-08 at 18:35 -0500, Paul Gortmaker wrote:
>> From: Jan Kara
>>
>> -------------------
>> This is a commit scheduled for the next v2.6.34 longterm release.
>> http://git.kernel.org/?p=linux/kernel/git/paulg/longterm-queue-2.6.34.git
>> If you see a problem with using this for longterm, please comment.
>> -------------------
>>
>> commit adee11b2085bee90bd8f4f52123ffb07882d6256 upstream.
>>
>> Check provided length of partition table so that (possibly maliciously)
>> corrupted partition table cannot cause accessing data beyond current buffer.
>>
>> Signed-off-by: Jan Kara
>> [PG: in 2.6.34 udf_err() is called udf_error()]
>> Signed-off-by: Paul Gortmaker
> [...]
>
> There's a follow-up I think you should add:
>
> commit 57b9655d01ef057a523e810d29c37ac09b80eead
> Author: Jan Kara
> Date: Tue Jul 10 17:58:04 2012 +0200
>
>     udf: Improve table length check to avoid possible overflow
>
> Ben.

Thanks Ben for the review and the addition; I've queued this one as well.

Paul.
--

>