ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - bcachefs.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Liu Song <liu.song11@zte.com.cn>	2020-01-16 23:36:07 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-10-01 11:11:54 +0200
commit	581c308fdb3da96289d669a15d8699bff75071a0 (patch)
tree	54e25e03d005576023ce67b9292bd03d30fcf2ef /sound
parent	3f51f7fb4a8727dbb22ae6891f82a44ad345c7f7 (diff)

ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len

[ Upstream commit acc5af3efa303d5f36cc8c0f61716161f6ca1384 ] In “ubifs_check_node”, when the value of "node_len" is abnormal, the code will goto label of "out_len" for execution. Then, in the following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE", in "print_hex_dump", an out-of-bounds access may occur due to the wrong "ch->len". Therefore, when the value of "node_len" is abnormal, data length should to be adjusted to a reasonable safe range. At this time, structured data is not credible, so dump the corrupted data directly for analysis. Signed-off-by: Liu Song <liu.song11@zte.com.cn> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'sound')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: