Searched hist:c4c0d19d39d26c5f58633f8fcca75f03b2854fc0 (Results 1 – 2 of 2) sorted by relevance

/openbmc/linux/fs/ubifs/
debug.h: c4c0d19d39d26c5f58633f8fcca75f03b2854fc0 Tue Jun 16 02:11:42 CDT 2020 Zhihao Cheng <chengzhihao1@huawei.com> ubifs: Limit dumping length by size of memory which is allocated for the node

To prevent out-of-bounds memory access in ubifs_dump_node(), the actual
dumping length should be restricted by another condition (the size of
memory which is allocated for the node).

This patch handles the following situations (these situations may be
caused by bit flipping due to hardware error, writes bypassing ubifs,
unknown bugs in ubifs, etc.):
1. bad node_len: Dumping data according to 'ch->len', which may exceed
   the size of memory allocated for the node.
2. bad node content: Some kinds of node can record additional data, e.g.
   index node and orphan node; make sure the size of additional data
   is not beyond the node length.
3. node_type changes: Read data according to type A, but expected type
   B; before that, the node is allocated according to type B's size. The
   length of a type A node is greater than that of a type B node.

Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
debug.c: c4c0d19d39d26c5f58633f8fcca75f03b2854fc0 Tue Jun 16 02:11:42 CDT 2020 Zhihao Cheng <chengzhihao1@huawei.com> ubifs: Limit dumping length by size of memory which is allocated for the node
