| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jun 2023 11:22:54 +0800 From: Wenchao Hao <haowenchao2@...wei.com> To: Jan Kara <jack@...e.com>, <linux-kernel@...r.kernel.org> CC: <linfeilong@...wei.com>, Wenchao Hao <haowenchao2@...wei.com> Subject: [PATCH 2/2] udf:check if buffer head's data when getting lvidiu We can not always assume udf_sb_info->s_lvid_bh's data is valid. If the data is corrupted, we would get an incorrect offset and cause the following code access an illegal address. Signed-off-by: Wenchao Hao <haowenchao2@...wei.com> --- fs/udf/super.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/udf/super.c b/fs/udf/super.c index 6304e3c5c3d9..71481b60c871 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -114,6 +114,8 @@ struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct super_block *sb) if (!UDF_SB(sb)->s_lvid_bh) return NULL; + if (!udf_check_tagged_bh(sb, UDF_SB(sb)->s_lvid_bh)) + return NULL; lvid = (struct logicalVolIntegrityDesc *)UDF_SB(sb)->s_lvid_bh->b_data; partnum = le32_to_cpu(lvid->numOfPartitions); /* The offset is to skip freeSpaceTable and sizeTable arrays */ -- 2.35.3
Powered by blists - more mailing lists