diff options
author | Phillip Lougher <phillip@lougher.demon.co.uk> | 2011-05-24 05:45:33 +0200 |
---|---|---|
committer | Phillip Lougher <phillip@lougher.demon.co.uk> | 2011-05-25 19:21:33 +0200 |
commit | 1094a4a6118019255bf0e4adaa96bb17ccec3a82 (patch) | |
tree | 06a8f2667681ae591e3a35c16c33fe4830d9b75f /fs/squashfs/super.c | |
parent | Squashfs: add sanity checks to fragment reading at mount time (diff) | |
download | linux-1094a4a6118019255bf0e4adaa96bb17ccec3a82.tar.xz linux-1094a4a6118019255bf0e4adaa96bb17ccec3a82.zip |
Squashfs: add extra sanity checks at mount time
Add some extra sanity checks of the inode and directory structures.
Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
Diffstat (limited to 'fs/squashfs/super.c')
-rw-r--r-- | fs/squashfs/super.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c index efa8118260d4..984d6c861928 100644 --- a/fs/squashfs/super.c +++ b/fs/squashfs/super.c @@ -268,7 +268,7 @@ allocate_id_index_table: handle_fragments: fragments = le32_to_cpu(sblk->fragments); if (fragments == 0) - goto allocate_root; + goto check_directory_table; msblk->fragment_cache = squashfs_cache_init("fragment", SQUASHFS_CACHED_FRAGMENTS, msblk->block_size); @@ -286,8 +286,22 @@ handle_fragments: msblk->fragment_index = NULL; goto failed_mount; } + next_table = msblk->fragment_index[0]; -allocate_root: +check_directory_table: + /* Sanity check directory_table */ + if (msblk->directory_table >= next_table) { + err = -EINVAL; + goto failed_mount; + } + + /* Sanity check inode_table */ + if (msblk->inode_table >= msblk->directory_table) { + err = -EINVAL; + goto failed_mount; + } + + /* allocate root */ root = new_inode(sb); if (!root) { err = -ENOMEM; |