Searched hist:acc5af3e (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/fs/ubifs/ |
H A D | io.c | acc5af3e Thu Jan 16 09:36:07 CST 2020 Liu Song <liu.song11@zte.com.cn> ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
In “ubifs_check_node”, when the value of "node_len" is abnormal, the code will goto label of "out_len" for execution. Then, in the following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE", in "print_hex_dump", an out-of-bounds access may occur due to the wrong "ch->len".
Therefore, when the value of "node_len" is abnormal, data length should to be adjusted to a reasonable safe range. At this time, structured data is not credible, so dump the corrupted data directly for analysis.
Signed-off-by: Liu Song <liu.song11@zte.com.cn> Signed-off-by: Richard Weinberger <richard@nod.at> acc5af3e Thu Jan 16 09:36:07 CST 2020 Liu Song <liu.song11@zte.com.cn> ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len In “ubifs_check_node”, when the value of "node_len" is abnormal, the code will goto label of "out_len" for execution. Then, in the following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE", in "print_hex_dump", an out-of-bounds access may occur due to the wrong "ch->len". Therefore, when the value of "node_len" is abnormal, data length should to be adjusted to a reasonable safe range. At this time, structured data is not credible, so dump the corrupted data directly for analysis. Signed-off-by: Liu Song <liu.song11@zte.com.cn> Signed-off-by: Richard Weinberger <richard@nod.at>
|