diff options
| author | Nic Case <number9652@yahoo.com> | 2009-06-29 01:24:40 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2009-06-29 01:24:40 -0400 |
| commit | 6a8da46d284721e95f893d4f229a2bec473797e1 (patch) | |
| tree | cebad15e934503f88cc5135638de7ec5c64cfc38 /lib/ext2fs/dir_iterate.c | |
| parent | dad0bab204a61c1749e1bbc747f8fa86fa0f1577 (diff) | |
| download | android_external_e2fsprogs-6a8da46d284721e95f893d4f229a2bec473797e1.tar.gz android_external_e2fsprogs-6a8da46d284721e95f893d4f229a2bec473797e1.tar.bz2 android_external_e2fsprogs-6a8da46d284721e95f893d4f229a2bec473797e1.zip | |
libext2fs: ensure validate_entry doesn't read beyond blocksize
ext2fs_validate_entry would read beyond the end of the block to get
dirent->rec_len for certain arguments (like if blocksize ==
final_offset). This patch adds a check so that doesn't happen, and
changes the types of the arguments to avoid a compiler warning.
Signed-off-by: Nic Case <number9652@yahoo.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'lib/ext2fs/dir_iterate.c')
| -rw-r--r-- | lib/ext2fs/dir_iterate.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/ext2fs/dir_iterate.c b/lib/ext2fs/dir_iterate.c index ac5a31e2..39d713bc 100644 --- a/lib/ext2fs/dir_iterate.c +++ b/lib/ext2fs/dir_iterate.c @@ -64,13 +64,16 @@ errcode_t ext2fs_set_rec_len(ext2_filsys fs, * undeleted entry. Returns 1 if the deleted entry looks valid, zero * if not valid. */ -static int ext2fs_validate_entry(ext2_filsys fs, char *buf, int offset, - int final_offset) +static int ext2fs_validate_entry(ext2_filsys fs, char *buf, + unsigned int offset, + unsigned int final_offset) { struct ext2_dir_entry *dirent; unsigned int rec_len; +#define DIRENT_MIN_LENGTH 12 - while (offset < final_offset) { + while ((offset < final_offset) && + (offset <= fs->blocksize - DIRENT_MIN_LENGTH)) { dirent = (struct ext2_dir_entry *)(buf + offset); if (ext2fs_get_rec_len(fs, dirent, &rec_len)) return 0; |