[kernel] r19248 - in dists/sid/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at alioth.debian.org
Fri Jul 13 03:19:27 UTC 2012
Author: benh
Date: Fri Jul 13 03:19:25 2012
New Revision: 19248
Log:
udf: Improve table length check to avoid possible overflow
Added:
dists/sid/linux/debian/patches/bugfix/all/udf-Improve-table-length-check-to-avoid-possible-underflow.patch
Modified:
dists/sid/linux/debian/changelog
dists/sid/linux/debian/patches/series
Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog Fri Jul 13 03:18:35 2012 (r19247)
+++ dists/sid/linux/debian/changelog Fri Jul 13 03:19:25 2012 (r19248)
@@ -31,6 +31,7 @@
* Update Czech debconf template translations (Michal Simunek)
(Closes: #679674)
* linux-image: Remove versioned relations where stable version is new enough
+ * udf: Improve table length check to avoid possible overflow
-- Ben Hutchings <ben at decadent.org.uk> Fri, 29 Jun 2012 15:01:22 +0100
Added: dists/sid/linux/debian/patches/bugfix/all/udf-Improve-table-length-check-to-avoid-possible-underflow.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux/debian/patches/bugfix/all/udf-Improve-table-length-check-to-avoid-possible-underflow.patch Fri Jul 13 03:19:25 2012 (r19248)
@@ -0,0 +1,29 @@
+From: Jan Kara <jack at suse.cz>
+Date: Tue, 10 Jul 2012 17:58:04 +0200
+Subject: udf: Improve table length check to avoid possible overflow
+
+When a partition table length is corrupted to be close to 1 << 32, the
+check for its length may overflow on 32-bit systems and we will think
+the length is valid. Later on the kernel can crash trying to read beyond
+end of buffer. Fix the check to avoid possible overflow.
+
+CC: stable at vger.kernel.org
+Reported-by: Ben Hutchings <ben at decadent.org.uk>
+Signed-off-by: Jan Kara <jack at suse.cz>
+---
+ fs/udf/super.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/fs/udf/super.c b/fs/udf/super.c
+index 8a75838..dcbf987 100644
+--- a/fs/udf/super.c
++++ b/fs/udf/super.c
+@@ -1340,7 +1340,7 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
+ BUG_ON(ident != TAG_IDENT_LVD);
+ lvd = (struct logicalVolDesc *)bh->b_data;
+ table_len = le32_to_cpu(lvd->mapTableLength);
+- if (sizeof(*lvd) + table_len > sb->s_blocksize) {
++ if (table_len > sb->s_blocksize - sizeof(*lvd)) {
+ udf_err(sb, "error loading logical volume descriptor: "
+ "Partition table too long (%u > %lu)\n", table_len,
+ sb->s_blocksize - sizeof(*lvd));
Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series Fri Jul 13 03:18:35 2012 (r19247)
+++ dists/sid/linux/debian/patches/series Fri Jul 13 03:19:25 2012 (r19248)
@@ -370,3 +370,4 @@
debian/driver-core-avoid-ABI-change-for-removal-of-__must_check.patch
bugfix/all/scsi-Silence-unnecessary-warnings-about-ioctl-to-par.patch
+bugfix/all/udf-Improve-table-length-check-to-avoid-possible-underflow.patch
More information about the Kernel-svn-changes
mailing list