03 Aug, 2018
1 commit
-
The squashfs fragment reading code doesn't actually verify that the
fragment is inside the fragment table. The end result _is_ verified to
be inside the image when actually reading the fragment data, but before
that is done, we may end up taking a page fault because the fragment
table itself might not even exist.

Another report from Anatoly and his endless squashfs image fuzzing.

Reported-by: Анатолий Тросиненко
Acked-by: Phillip Lougher
Cc: Willy Tarreau
Signed-off-by: Linus Torvalds
30 Jul, 2018
1 commit
-
Anatoly Trosinenko reports that a corrupted squashfs image can cause a
kernel oops. It turns out that squashfs can end up being confused about
negative fragment lengths.

The regular squashfs_read_data() does check for negative lengths, but
squashfs_read_metadata() did not, and the fragment size code just
blindly trusted the on-disk value. Fix both the fragment parsing and
the metadata reading code.

Reported-by: Anatoly Trosinenko
Cc: Al Viro
Cc: Phillip Lougher
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds
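
The two checks described in the 03 Aug and 30 Jul 2018 commit messages above (index inside the fragment table, length not negative), shown as an added example in userspace C. It is not the kernel's code: the structures, field names, function names and sample values are all hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical, simplified model; not the kernel's structures or names. */
struct frag_entry {              /* one fragment table entry as read from disk */
    uint64_t start_block;        /* untrusted offset of the fragment data */
    uint32_t size;               /* untrusted length field */
};
struct image {
    const struct frag_entry *table;
    uint32_t fragments;          /* entry count taken from the superblock */
    uint64_t bytes_used;         /* total image size in bytes */
    uint32_t block_size;
};
/* Returns the fragment length (>= 0) or a negative errno. */
int frag_lookup(const struct image *img, uint32_t index, uint64_t *start)
{
    if (index >= img->fragments)          /* index must be inside the table */
        return -EIO;
    const struct frag_entry *e = &img->table[index];
    /* A length above block_size or INT_MAX would go negative as an int. */
    if (e->size > img->block_size || e->size > (uint32_t)INT_MAX)
        return -EIO;
    /* Data must end inside the image; the subtraction form cannot overflow. */
    if (e->start_block > img->bytes_used || e->size > img->bytes_used - e->start_block)
        return -EIO;
    *start = e->start_block;
    return (int)e->size;
}
/* Constructed sample data: one valid entry and two corrupted ones. */
static const struct frag_entry sample_table[] = {
    { 96, 4096 },                /* valid */
    { 96, 0xFFFFFFF0u },         /* length is negative when read as int */
    { 1ULL << 40, 512 },         /* starts past the end of the image */
};
static const struct image sample = { sample_table, 3, 1u << 20, 131072 };
int lookup_sample(uint32_t index)
{
    uint64_t start = 0;
    return frag_lookup(&sample, index, &start);
}
int main(void)
{
    for (uint32_t i = 0; i < 5; i++)
        printf("index %u -> %d\n", (unsigned)i, lookup_sample(i));
    return 0;
}
```
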
29 May, 2011
1 commit
-
le64 values should be swapped when accessing on
big-endian systems.

Signed-off-by: Phillip Lougher
26 May, 2011
3 commits
-
My existing email address may stop working in a month or two, so update
email to one that will continue working.

Signed-off-by: Phillip Lougher
-
Fsfuzzer generates corrupted filesystems which throw a warn_on in
kmalloc. One of these is due to a corrupted superblock fragments field.
Fix this by checking that the number of bytes to be read (and allocated)
does not extend into the next filesystem structure.

Also add a couple of other sanity checks of the mount-time fragment table
structures.

Signed-off-by: Phillip Lougher
-
This eliminates a lot of duplicate code.
Signed-off-by: Phillip Lougher
14 Jan, 2011
1 commit
-
Move squashfs_i() definition out of squashfs.h, this eliminates
the need to #include squashfs_fs_i.h from numerous files.

Signed-off-by: Phillip Lougher
21 Jan, 2010
1 commit
-
Move zlib buffer init/destroy code into separate wrapper file. Also
make zlib z_stream field a void * removing the need to include zlib.h
for most files.

Signed-off-by: Phillip Lougher
05 Jan, 2009
1 commit
-
Signed-off-by: Phillip Lougher