From: Andrew Morton <akpm@osdl.org>
Date: Wed, 22 Jun 2005 00:16:50 +0000 (-0700)
Subject: [PATCH] rock.c: handle corrupted directories
X-Git-Tag: v2.6.13-rc1~68^2~582^2~45
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e595447e177b39aa6c96baaa57b30cde2d8b9df7;p=pandora-kernel.git

[PATCH] rock.c: handle corrupted directories

The bug in rock.c is that it's totally trusting of the contents of the
directories.  If the directory says there's a continuation 10000 bytes into
this 4k block then we cheerily poke around in memory we don't own and oops.

So change rock_continue() to apply various sanity checks, at least ensuring
that the offset+length remain within the bounds for the header part of a
struct rock_ridge directory entry.

Note that the kernel can still overindex the buffer due to the variable size
of the rock-ridge directory entries.  We cannot check that in rock_continue()
unless we go parse the directory entry's signature and work out its size.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

Reading git-diff-tree failed