Page MenuHomeFreeBSD
Files F109946770

D41220.diff
No OneTemporary
Actions

D41220.diff
View Options

diff --git a/sys/fs/udf/udf.h b/sys/fs/udf/udf.h
--- a/sys/fs/udf/udf.h
+++ b/sys/fs/udf/udf.h
@@ -97,8 +97,10 @@
MALLOC_DECLARE(M_UDFFENTRY);
static __inline int
-udf_readdevblks(struct udf_mnt *udfmp, int sector, int size, struct buf **bp)
+udf_readdevblks(struct udf_mnt *udfmp, daddr_t sector, int size, struct buf **bp)
{
+ if (size < 0 || size + udfmp->bmask < size)
+ return (ERANGE);
return (RDSECTOR(udfmp->im_devvp, sector,
(size + udfmp->bmask) & ~udfmp->bmask, bp));
}
diff --git a/sys/fs/udf/udf_vfsops.c b/sys/fs/udf/udf_vfsops.c
--- a/sys/fs/udf/udf_vfsops.c
+++ b/sys/fs/udf/udf_vfsops.c
@@ -482,6 +482,11 @@
*/
sector = le32toh(udfmp->root_icb.loc.lb_num) + udfmp->part_start;
size = le32toh(udfmp->root_icb.len);
+ if (size < UDF_FENTRY_SIZE) {
+ printf("Invalid root directory file entry length %u\n",
+ size);
+ goto bail;
+ }
if ((error = udf_readdevblks(udfmp, sector, size, &bp)) != 0) {
printf("Cannot read sector %d\n", sector);
goto bail;

File Metadata

Mime Type
text/plain
Expires
Wed, Feb 12, 2:06 PM (19 h, 25 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16611633
Default Alt Text
D41220.diff (1002 B)

Event Timeline