On Sun, 2018-07-01 at 18:02 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Jan Kara <jack@xxxxxxx>
> 
> commit fa65653e575fbd958bdf5fb9c4a71a324e39510d upstream.
> 
> Detect when a directory entry is (possibly partially) beyond directory
> size and return EIO in that case since it means the filesystem is
> corrupted. Otherwise directory operations can further corrupt the
> directory and possibly also oops the kernel.
[...]
> --- a/fs/udf/directory.c
> +++ b/fs/udf/directory.c
> @@ -150,6 +150,9 @@ struct fileIdentDesc *udf_fileident_read
>  sizeof(struct fileIdentDesc));
>  }
>  }
> + /* Got last entry outside of dir size - fs is corrupted! */
> + if (*nf_pos > dir->i_size)
> + return NULL;
>  return fi;
>  }
> 

Is the same check needed when iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB?

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
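Review bot: the new check in udf_fileident_read returns NULL when `*nf_pos > dir->i_size`, but the commit message promises EIO; since NULL is also what this function hands back for an ordinary end-of-entries condition, the callers of udf_fileident_read must map this NULL to -EIO rather than treating it as a clean end of directory, otherwise the corruption is silently reported as a successful EOF. It would help to either name the caller that does that translation in the commit message or have the hunk document it next to the `return NULL;`. Also worth noting for reviewers: the comment says "Got last entry outside of dir size", so the check only fires after the entry has already been read; the commit message's "possibly partially beyond" wording covers that, but a one-line note in the hunk saying the early-out is deliberately placed after the read (so the bogus entry is never returned to callers) would make the intent clearer.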