iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Timo Warns 3eb8e74ec7 fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops 
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating GUID partitions (in fs/partitions/efi.c) contains
a bug that causes a kernel oops on certain corrupted GUID partition
tables.

This bug has security impacts, because it allows, for example, to
prepare a storage device that crashes a kernel subsystem upon connecting
the device (e.g., a "USB Stick of (Partial) Death").

	crc = efi_crc32((const unsigned char *) (*gpt), le32_to_cpu((*gpt)->header_size));

computes a CRC32 checksum over gpt covering (*gpt)->header_size bytes.
There is no validation of (*gpt)->header_size before the efi_crc32 call.

A corrupted partition table may have large values for (*gpt)->header_size.
 In this case, the CRC32 computation access memory beyond the memory
allocated for gpt, which may cause a kernel heap overflow.

Validate value of GUID partition table header size.

[akpm@linux-foundation.org: fix layout and indenting]
Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: Matt Domsch <Matt_Domsch@dell.com>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Cc: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-05-26 17:12:37 -07:00
..
9p
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
adfs
Fix common misspellings
2011-03-31 11:26:23 -03:00
affs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
afs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
autofs4
vfs: push dentry_unhash on rmdir into file systems
2011-05-26 07:26:47 -04:00
befs
Fix common misspellings
2011-03-31 11:26:23 -03:00
bfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
btrfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem
2011-05-26 10:50:56 -07:00
cachefiles
Fix common misspellings
2011-03-31 11:26:23 -03:00
ceph
ceph: remove unnecessary dentry_unhash calls
2011-05-26 07:26:53 -04:00
cifs
cifs: remove unnecessary dentry_unhash on rmdir/rename_dir
2011-05-26 07:26:59 -04:00
coda
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
configfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
cramfs
cramfs: generate unique inode number for better inode cache usage
2011-01-13 08:03:23 -08:00
debugfs
debugfs: move to new strtobool
2011-05-19 16:55:28 +09:30
devpts
fs/devpts/inode.c: correctly check d_alloc_name() return code in devpts_pty_new()
2011-03-22 17:44:17 -07:00
dlm
Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6
2011-05-26 13:19:00 -07:00
ecryptfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
efs
block: remove per-queue plugging
2011-03-10 08:52:07 +01:00
exofs
exofs: remove unnecessary dentry_unhash on rmdir/rename_dir
2011-05-26 07:26:57 -04:00
exportfs
vfs: Add open by file handle support
2011-03-15 02:21:44 -04:00
ext2
ext2: remove unnecessary dentry_unhash on rmdir/rename_dir
2011-05-26 07:26:56 -04:00
ext3
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem
2011-05-26 10:50:56 -07:00
ext4
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem
2011-05-26 10:50:56 -07:00
fat
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
freevxfs
treewide: fix a few typos in comments
2011-05-10 10:16:21 +02:00
fscache
fscache: remove dead code under CONFIG_WORKQUEUE_DEBUGFS
2011-05-25 08:39:44 -07:00
fuse
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
gfs2
Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6
2011-05-26 13:19:00 -07:00
hfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
hfsplus
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
hostfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
hpfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
hppfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
hugetlbfs
mm: don't access vm_flags as 'int'
2011-05-26 09:20:31 -07:00
isofs
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
jbd
jbd: Fix comment to match the code in journal_start()
2011-05-24 00:27:53 +02:00
jbd2
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2011-05-26 09:53:20 -07:00
jffs2
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
jfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
lockd
NLM: Fix "kernel BUG at fs/lockd/host.c:417!" or ".../host.c:283!"
2011-01-25 15:24:47 -05:00
logfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
minix
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
ncpfs
memcg: add the pagefault count into memcg stats
2011-05-26 17:12:36 -07:00
nfs
nfs: remove unnecessary dentry_unhash on rmdir/rename_dir
2011-05-26 07:26:57 -04:00
nfs_common
Fix common misspellings
2011-03-31 11:26:23 -03:00
nfsd
treewide: fix a few typos in comments
2011-05-10 10:16:21 +02:00
nilfs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
nls
notify
Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6
2011-04-07 11:14:49 -07:00
ntfs
Fix common misspellings
2011-03-31 11:26:23 -03:00
ocfs2
Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2
2011-05-26 10:55:15 -07:00
omfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
openpromfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
partitions
fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops
2011-05-26 17:12:37 -07:00
proc
fs/proc/vmcore.c: add hook to read_from_oldmem() to check for non-ram pages
2011-05-26 17:12:37 -07:00
pstore
pstore: fix pstore filesystem mount/remount issue
2011-05-16 11:05:00 -07:00
qnx4
block: remove per-queue plugging
2011-03-10 08:52:07 +01:00
quota
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
ramfs
ramfs: fix memleak on no-mmu arch
2011-04-14 16:06:56 -07:00
reiserfs
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
romfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
squashfs
treewide: fix a few typos in comments
2011-05-10 10:16:21 +02:00
sysfs
sysfs: remove "last sysfs file:" line from the oops messages
2011-05-13 16:05:51 -07:00
sysv
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
ubifs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
udf
vfs: push dentry_unhash on rename_dir into file systems
2011-05-26 07:26:48 -04:00
ufs
ufs: fix truncated values handling 64 bit metadata
2011-05-26 17:12:33 -07:00
xfs
Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
2011-05-26 10:49:11 -07:00
aio.c
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
anon_inodes.c
sanitize vfsmount refcounting changes
2011-01-16 13:47:07 -05:00
attr.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
bad_inode.c
fs: provide rcu-walk aware permission i_ops
2011-01-07 17:50:29 +11:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
brk: COMPAT_BRK: fix detection of randomized brk
2011-04-14 16:06:55 -07:00
binfmt_em86.c
binfmt_flat.c
CRED: Fix load_flat_shared_library() to initialise bprm correctly
2011-05-03 10:10:51 +10:00
binfmt_misc.c
convert get_sb_single() users
2010-10-29 04:16:28 -04:00
binfmt_script.c
binfmt_som.c
bio-integrity.c
block: Require subsystems to explicitly allocate bio_set integrity mempool
2011-03-17 11:11:05 +01:00
bio.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
block_dev.c
block: move bd_set_size() above rescan_partitions() in __blkdev_get()
2011-05-23 08:50:48 -07:00
buffer.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem
2011-05-26 10:50:56 -07:00
char_dev.c
Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block
2011-01-13 10:45:01 -08:00
compat_binfmt_elf.c
compat_ioctl.c
Merge branch 'tty-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6
2011-01-07 14:39:20 -08:00
compat.c
exec: unify do_execve/compat_do_execve code
2011-04-09 15:53:56 +02:00
dcache.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
dcookies.c
direct-io.c
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
drop_caches.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
eventfd.c
Docbook: add fs/eventfd.c and fix typos in it
2011-02-21 15:07:04 -08:00
eventpoll.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
exec.c
coredump: add support for exe_file in core name
2011-05-26 17:12:36 -07:00
fcntl.c
userns: rename is_owner_or_cap to inode_owner_or_capable
2011-03-23 19:47:13 -07:00
fhandle.c
fs/fhandle.c: add <linux/personality.h> for ia64
2011-04-14 16:06:56 -07:00
fifo.c
Filesystem: fifo: Fixed coding style issue.
2011-03-21 00:16:09 -04:00
file_table.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-03-16 13:26:17 -07:00
file.c
vfs: avoid large kmalloc()s for the fdtable
2011-04-28 11:28:20 -07:00
filesystems.c
fs: synchronize_rcu when unregister_filesystem success not failure
2011-04-17 10:42:01 -07:00
fs_struct.c
sanitize vfsmount refcounting changes
2011-01-16 13:47:07 -05:00
fs-writeback.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
generic_acl.c
userns: rename is_owner_or_cap to inode_owner_or_capable
2011-03-23 19:47:13 -07:00
inode.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
internal.h
fs: move i_wb_list out from under inode_lock
2011-03-24 21:17:51 -04:00
ioctl.c
vfs: cleanup do_vfs_ioctl()
2011-03-21 00:16:08 -04:00
ioprio.c
ioprio: grab rcu_read_lock in sys_ioprio_{set,get}()
2010-11-15 10:23:31 +01:00
Kconfig
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
Kconfig.binfmt
coredump: default CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
2010-10-27 18:03:12 -07:00
libfs.c
libfs: drop unneeded dentry_unhash
2011-05-26 07:26:50 -04:00
locks.c
Merge branch 'for-2.6.39' of git://linux-nfs.org/~bfields/linux
2011-03-24 08:20:39 -07:00
Makefile
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
2011-03-16 19:01:29 -07:00
mbcache.c
vmscan: change shrinker API by passing shrink_control struct
2011-05-25 08:39:26 -07:00
mpage.c
mm/fs: add hooks to support cleancache
2011-05-26 10:01:43 -06:00
namei.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-05-26 09:52:14 -07:00
namespace.c
fs/namespace.c: bound mount propagation fix
2011-05-26 07:26:44 -04:00
nfsctl.c
open-style analog of vfs_path_lookup()
2011-03-14 09:15:28 -04:00
no-block.c
open.c
fs: Use BUG_ON(!mnt) at dentry_open().
2011-03-21 01:10:41 -04:00
pipe.c
Fix broken "pipe: use event aware wakeups" optimization
2011-01-20 16:21:59 -08:00
pnode.c
fs: scale mntget/mntput
2011-01-07 17:50:33 +11:00
pnode.h
posix_acl.c
NFS: Prevent memory allocation failure in nfsacl_encode()
2011-01-25 15:24:47 -05:00
read_write.c
fix signedness mess in rw_verify_area() on 64bit architectures
2011-01-12 20:06:58 -05:00
read_write.h
readdir.c
select.c
select: remove unused MAX_SELECT_SECONDS
2011-03-21 00:16:08 -04:00
seq_file.c
fs: take dcache_lock inside __d_path
2010-10-25 21:26:12 -04:00
signalfd.c
Merge branch 'hwpoison' of git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-mce-2.6
2010-10-26 10:13:10 -07:00
splice.c
splice: add wakeup_pipe_readers()
2011-05-23 19:58:53 +02:00
stack.c
stat.c
readlinkat(), fchownat() and fstatat() with empty relative pathnames
2011-03-15 02:21:45 -04:00
statfs.c
clean statfs-like syscalls up
2011-03-14 09:15:28 -04:00
super.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/djm/tmem
2011-05-26 10:50:56 -07:00
sync.c
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
timerfd.c
timerfd: Manage cancelable timers in timerfd
2011-05-23 13:59:53 +02:00
utimes.c
userns: rename is_owner_or_cap to inode_owner_or_capable
2011-03-23 19:47:13 -07:00
xattr_acl.c
xattr.c
vfs: Pass setxattr(2) flags properly
2011-04-21 07:34:44 -07:00