projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
isofs: Fix unchecked printing of ER records
[firefly-linux-kernel-4.4.55.git] / fs / isofs / rock.c
diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
index bb63254ed8486f42200230b4bbaa80257f92700d..735d7522a3a911f19af593d6b5f7d366d6cf448d 100644 (file)
--- a/fs/isofs/rock.c
+++ b/fs/isofs/rock.c
@@ -362,6 +362,9 @@ repeat:
                        rs.cont_size = isonum_733(rr->u.CE.size);
                        break;
                case SIG('E', 'R'):
+                       /* Invalid length of ER tag id? */
+                       if (rr->u.ER.len_id + offsetof(struct rock_ridge, u.ER.data) > rr->len)
+                               goto out;
                        ISOFS_SB(inode->i_sb)->s_rock = 1;
                        printk(KERN_DEBUG "ISO 9660 Extensions: ");
                        {
Unnamed repository; edit this file 'description' to name the repository.