Jan Kara 86d4aedcbc isofs: Fix out of bound access for corrupted isofs image ...

commit e96a1866b4 upstream.

When isofs image is suitably corrupted isofs_read_inode() can read data
beyond the end of buffer. Sanity-check the directory entry length before
using it.

Reported-and-tested-by: syzbot+6fc7fb214625d82af7d1@syzkaller.appspotmail.com
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2021-11-12 14:58:33 +01:00

..

compress.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 142

2019-05-30 11:25:17 -07:00

dir.c

isofs: release buffer head before return

2021-03-04 11:38:00 +01:00

export.c

docs: fs: convert docs without extension to ReST

2019-07-31 13:31:05 -06:00

inode.c

isofs: Fix out of bound access for corrupted isofs image

2021-11-12 14:58:33 +01:00

isofs.h

isofs: joliet: Fix iocharset=utf8 mount option

2021-09-15 09:50:25 +02:00

joliet.c

isofs: joliet: Fix iocharset=utf8 mount option

2021-09-15 09:50:25 +02:00

Kconfig

docs: filesystems: fix renamed references

2020-04-20 15:45:22 -06:00

Makefile

…

namei.c

isofs: release buffer head before return

2021-03-04 11:38:00 +01:00

rock.c

…

rock.h

fs: Replace zero-length array with flexible-array member

2020-10-29 17:22:59 -05:00

util.c

Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

2017-11-14 14:13:11 -08:00

zisofs.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 142

2019-05-30 11:25:17 -07:00