Commit aec9f377e4f235c47e27fd8a429555dfa2dda342
Committed by
Jens Axboe
1 parent
ddad9ef582
Exists in
master
and in
6 other branches
drivers/cdrom/cdrom.c: relax check on dvd manufacturer value
The report has an ISO which has a very long manufacturer ID. It seems that Linux is wrong, not the ISO maker. Relax the check for the length of this field: emit a warning and truncate the incoming data to 2048 bytes rather than rejecting the entire thing. dvd_manufact.value isn't null-terminated. I'm not even sure if it's a string. The kernel doesn't appear to use it anyway. Addresses https://bugzilla.kernel.org/show_bug.cgi?id=39062 Reported-by: <ale.goujon@gmail.com> Tested-by: <ale.goujon@gmail.com> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Showing 1 changed file with 7 additions and 1 deletions
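--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -1929,11 +1929,17 @@
 goto out;
 
 s->manufact.len = buf[0] << 8 | buf[1];
-if (s->manufact.len < 0 || s->manufact.len > 2048) {
+if (s->manufact.len < 0) {
 cdinfo(CD_WARNING, "Received invalid manufacture info length"
 " (%d)\n", s->manufact.len);
 ret = -EIO;
 } else {
+if (s->manufact.len > 2048) {
+cdinfo(CD_WARNING, "Received invalid manufacture info "
+"length (%d): truncating to 2048\n",
+s->manufact.len);
+s->manufact.len = 2048;
+}
 memcpy(s->manufact.value, &buf[4], s->manufact.len);
 }
 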
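Review bot: The clamp added at new lines 1937-1942 is now the only thing keeping the `memcpy` at new line 1943 inside `s->manufact.value`, yet it repeats the literal 2048 in the test, the message and the assignment. Assuming `value` is a fixed-size array (its declaration is not in the hunk), tie the bound to the destination with `if (s->manufact.len > (int)sizeof(s->manufact.value))` and `s->manufact.len = sizeof(s->manufact.value);`, so the limit cannot drift from the buffer it protects. The length is device-supplied, so the read side matters as well: the copy takes up to 2048 bytes from `&buf[4]`, which stays in bounds only if `buf` holds at least 2052 bytes, and both its allocation and the rest of the enclosing function lie outside the hunk, so that should be confirmed. A comment above the inner `if`, such as `/* len comes from the device; clamp to the destination size before copying */`, would record why truncating instead of rejecting is safe.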