linux/fs/partitions
Timo Warns 1eafbfeb7b Fix corrupted OSF partition table parsing
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating OSF partitions contains a bug that leaks data
from kernel heap memory to userspace for certain corrupted OSF
partitions.

In more detail:

  for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) {

iterates from 0 to d_npartitions - 1, where d_npartitions is read from
the partition table without validation and partition is a pointer to an
array of at most 8 d_partitions.

Add the proper and obvious validation.

Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: stable@kernel.org
[ Changed the patch trivially to not repeat the whole le16_to_cpu()
  thing, and to use an explicit constant for the magic value '8' ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-14 10:14:28 -07:00
acorn.c
acorn.h
amiga.c
amiga.h
atari.c
atari.h
check.c Merge branch 'for-2.6.38/event-handling' into for-2.6.38/core 2011-01-13 14:47:54 +01:00
check.h
efi.c
efi.h
ibm.c
ibm.h
karma.c
karma.h
Kconfig
ldm.c ldm: corrupted partition table can cause kernel oops 2011-02-25 15:07:36 -08:00
ldm.h
mac.c fs/partitions: Validate map_count in Mac partition tables 2011-02-17 17:50:51 -08:00
mac.h
Makefile
msdos.c
msdos.h
osf.c Fix corrupted OSF partition table parsing 2011-03-14 10:14:28 -07:00
osf.h
sgi.c
sgi.h
sun.c
sun.h
sysv68.c
sysv68.h
ultrix.c
ultrix.h