authorZhihao Cheng <chengzhihao1@huawei.com>2020-06-16 09:11:44 +0200
committerRichard Weinberger <richard@nod.at>2020-12-13 22:12:32 +0100
commita33e30a0e023e9d1866866ca895c7789f48445e7 (patch)
tree383b2fd9b04365a17ed31c4b624d278cf8e23607 /fs/ubifs/recovery.c
parentRevert "ubifs: Fix out-of-bounds memory access caused by abnormal value of no... (diff)
ubifs: Pass node length in all node dumping callers
Function ubifs_dump_node() has been modified to avoid out-of-bounds memory access while dumping a node. The node length (corresponding to the size of the memory allocated for the node) should be passed by all node dumping callers. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/recovery.c')
-rw-r--r--fs/ubifs/recovery.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/ubifs/recovery.c b/fs/ubifs/recovery.c
index f116f7b3f9e5..f0d51dd21c9e 100644
--- a/fs/ubifs/recovery.c
+++ b/fs/ubifs/recovery.c
@@ -352,11 +352,11 @@ out_free:
ubifs_err(c, "failed to recover master node");
if (mst1) {
ubifs_err(c, "dumping first master node");
- ubifs_dump_node(c, mst1);
+ ubifs_dump_node(c, mst1, c->leb_size - ((void *)mst1 - buf1));
}
if (mst2) {
ubifs_err(c, "dumping second master node");
- ubifs_dump_node(c, mst2);
+ ubifs_dump_node(c, mst2, c->leb_size - ((void *)mst2 - buf2));
}
vfree(buf2);
vfree(buf1);
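Review bot: The length passed at both `ubifs_dump_node()` calls is a valid bound only if `mst1`/`mst2` point inside `buf1`/`buf2`, and nothing in this hunk shows that; if a master-node pointer could ever be non-NULL while its buffer is NULL or belongs to a different allocation, the subtraction yields a meaningless or negative length. The expression also assumes each buffer is exactly `c->leb_size` bytes, which is established outside the visible lines, so I would state the invariant next to the calls, e.g. `/* mst1 points into buf1 (c->leb_size bytes): bound the dump by the bytes left in that buffer */`. The same computation is written twice; a local such as `int left = c->leb_size - ((void *)mst1 - buf1);` would make the pointer-difference-to-length narrowing explicit (assuming the new parameter is an `int`, which is not visible here). The `out_free` block begins before this hunk and continues past it.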
@@ -469,7 +469,7 @@ static int no_more_nodes(const struct ubifs_info *c, void *buf, int len,
* The area after the common header size is not empty, so the common
* header must be intact. Check it.
*/
- if (ubifs_check_node(c, buf, lnum, offs, 1, 0) != -EUCLEAN) {
+ if (ubifs_check_node(c, buf, len, lnum, offs, 1, 0) != -EUCLEAN) {
dbg_rcvry("unexpected bad common header at %d:%d", lnum, offs);
return 0;
}