aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhillip Lougher <phillip@lougher.demon.co.uk>2011-05-24 03:20:27 +0100
committerPhillip Lougher <phillip@lougher.demon.co.uk>2011-05-25 18:21:31 +0100
commit6f04864515365e135adc9f1cee4ac1251bb0ed35 (patch)
treef5c6181d52217b66606cc878536b2225c692f25a
parent76e002f755b61aa79228f4e751bbca8674aba0f6 (diff)
downloadkernel_samsung_aries-6f04864515365e135adc9f1cee4ac1251bb0ed35.zip
kernel_samsung_aries-6f04864515365e135adc9f1cee4ac1251bb0ed35.tar.gz
kernel_samsung_aries-6f04864515365e135adc9f1cee4ac1251bb0ed35.tar.bz2
Squashfs: add sanity checks to xattr reading at mount time
These checks add sanity checking of the mount-time xattr structures. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
-rw-r--r--fs/squashfs/xattr_id.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/fs/squashfs/xattr_id.c b/fs/squashfs/xattr_id.c
index 51a7bd0..f60fb3c 100644
--- a/fs/squashfs/xattr_id.c
+++ b/fs/squashfs/xattr_id.c
@@ -76,6 +76,17 @@ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 start,
*xattr_table_start = le64_to_cpu(id_table->xattr_table_start);
*xattr_ids = le32_to_cpu(id_table->xattr_ids);
kfree(id_table);
+
+ /* Sanity check values */
+
+ /* there is always at least one xattr id */
+ if (*xattr_ids == 0)
+ return ERR_PTR(-EINVAL);
+
+ /* xattr_table should be less than start */
+ if (*xattr_table_start >= start)
+ return ERR_PTR(-EINVAL);
+
len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids);
TRACE("In read_xattr_index_table, length %d\n", len);