summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhillip Lougher <phillip@lougher.demon.co.uk>2011-05-24 05:45:33 +0200
committerPhillip Lougher <phillip@lougher.demon.co.uk>2011-05-25 19:21:33 +0200
commit1094a4a6118019255bf0e4adaa96bb17ccec3a82 (patch)
tree06a8f2667681ae591e3a35c16c33fe4830d9b75f
parentSquashfs: add sanity checks to fragment reading at mount time (diff)
downloadlinux-1094a4a6118019255bf0e4adaa96bb17ccec3a82.tar.xz
linux-1094a4a6118019255bf0e4adaa96bb17ccec3a82.zip
Squashfs: add extra sanity checks at mount time
Add some extra sanity checks of the inode and directory structures. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
-rw-r--r--fs/squashfs/super.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c
index efa8118260d4..984d6c861928 100644
--- a/fs/squashfs/super.c
+++ b/fs/squashfs/super.c
@@ -268,7 +268,7 @@ allocate_id_index_table:
handle_fragments:
fragments = le32_to_cpu(sblk->fragments);
if (fragments == 0)
- goto allocate_root;
+ goto check_directory_table;
msblk->fragment_cache = squashfs_cache_init("fragment",
SQUASHFS_CACHED_FRAGMENTS, msblk->block_size);
@@ -286,8 +286,22 @@ handle_fragments:
msblk->fragment_index = NULL;
goto failed_mount;
}
+ next_table = msblk->fragment_index[0];
-allocate_root:
+check_directory_table:
+ /* Sanity check directory_table */
+ if (msblk->directory_table >= next_table) {
+ err = -EINVAL;
+ goto failed_mount;
+ }
+
+ /* Sanity check inode_table */
+ if (msblk->inode_table >= msblk->directory_table) {
+ err = -EINVAL;
+ goto failed_mount;
+ }
+
+ /* allocate root */
root = new_inode(sb);
if (!root) {
err = -ENOMEM;