| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 May 2011 20:57:32 +0200
From: Jonas Gorski <jonas.gorski@...il.com>
To: Phillip Lougher <phillip@...gher.demon.co.uk>
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] squashfs: Fix sanity checks for big endian systems
Fix a regression introduced in 37986f63c81bf23c856f65fc5e4830550e7f3d5b to
1094a4a6118019255bf0e4adaa96bb17ccec3a82 ("add sanity checks ..."):
squashfs_sb_info's id_table, fragment_index, xattr_id_table and
inode_lookup_table are stored in little endian and need to be read as such.
This was done correct mostly except when doing the sanity checks and
reading the superblock, resulting in squashfs aborting on big endian systems.
Signed-off-by: Jonas Gorski <jonas.gorski@...il.com>
---
fs/squashfs/export.c | 2 +-
fs/squashfs/fragment.c | 2 +-
fs/squashfs/id.c | 2 +-
fs/squashfs/super.c | 6 +++---
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/squashfs/export.c b/fs/squashfs/export.c
index 730c562..5e1101f 100644
--- a/fs/squashfs/export.c
+++ b/fs/squashfs/export.c
@@ -147,7 +147,7 @@ __le64 *squashfs_read_inode_lookup_table(struct super_block *sb,
* table[0] points to the first inode lookup table metadata block,
* this should be less than lookup_table_start
*/
- if (!IS_ERR(table) && table[0] >= lookup_table_start) {
+ if (!IS_ERR(table) && le64_to_cpu(table[0]) >= lookup_table_start) {
kfree(table);
return ERR_PTR(-EINVAL);
}
diff --git a/fs/squashfs/fragment.c b/fs/squashfs/fragment.c
index 1516a649..0ed6edb 100644
--- a/fs/squashfs/fragment.c
+++ b/fs/squashfs/fragment.c
@@ -90,7 +90,7 @@ __le64 *squashfs_read_fragment_index_table(struct super_block *sb,
* table[0] points to the first fragment table metadata block, this
* should be less than fragment_table_start
*/
- if (!IS_ERR(table) && table[0] >= fragment_table_start) {
+ if (!IS_ERR(table) && le64_to_cpu(table[0]) >= fragment_table_start) {
kfree(table);
return ERR_PTR(-EINVAL);
}
diff --git a/fs/squashfs/id.c b/fs/squashfs/id.c
index a70858e..d38ea3d 100644
--- a/fs/squashfs/id.c
+++ b/fs/squashfs/id.c
@@ -93,7 +93,7 @@ __le64 *squashfs_read_id_index_table(struct super_block *sb,
* table[0] points to the first id lookup table metadata block, this
* should be less than id_table_start
*/
- if (!IS_ERR(table) && table[0] >= id_table_start) {
+ if (!IS_ERR(table) && le64_to_cpu(table[0]) >= id_table_start) {
kfree(table);
return ERR_PTR(-EINVAL);
}
diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c
index 6f26abe..7438850 100644
--- a/fs/squashfs/super.c
+++ b/fs/squashfs/super.c
@@ -245,7 +245,7 @@ allocate_id_index_table:
msblk->id_table = NULL;
goto failed_mount;
}
- next_table = msblk->id_table[0];
+ next_table = le64_to_cpu(msblk->id_table[0]);
/* Handle inode lookup table */
lookup_table_start = le64_to_cpu(sblk->lookup_table_start);
@@ -261,7 +261,7 @@ allocate_id_index_table:
msblk->inode_lookup_table = NULL;
goto failed_mount;
}
- next_table = msblk->inode_lookup_table[0];
+ next_table = le64_to_cpu(msblk->inode_lookup_table[0]);
sb->s_export_op = &squashfs_export_ops;
@@ -286,7 +286,7 @@ handle_fragments:
msblk->fragment_index = NULL;
goto failed_mount;
}
- next_table = msblk->fragment_index[0];
+ next_table = le64_to_cpu(msblk->fragment_index[0]);
check_directory_table:
/* Sanity check directory_table */
--
1.7.2.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists