ext2fs_validate_entry would read beyond the end of the block to get dirent->rec_len for certain arguments (like if blocksize == final_offset). This patch adds a check so that doesn't happen, and changes the types of the arguments to avoid a compiler warning.
Signed-off-by: Nic Case <number9652@xxxxxxxxx>
diff --git a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c
index 1f8cf8f..6be066c 100644
--- a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c
+++ b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c
@@ -29,13 +29,15 @@
* undeleted entry. Returns 1 if the deleted entry looks valid, zero
* if not valid.
*/
-static int ext2fs_validate_entry(ext2_filsys fs, char *buf, int offset,
- int final_offset)
+static int ext2fs_validate_entry(ext2_filsys fs, char *buf,
+ unsigned int offset,
+ unsigned int final_offset)
{
struct ext2_dir_entry *dirent;
int rec_len;
+ int dirent_min_len = 12;
- while (offset < final_offset) {
+ while (offset < final_offset && offset <= fs->blocksize - dirent_min_len) {
dirent = (struct ext2_dir_entry *)(buf + offset);
rec_len = (dirent->rec_len || fs->blocksize < 65536) ?
dirent->rec_len : 65536;
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
