aboutsummaryrefslogtreecommitdiff
path: root/fs/squashfs/dir.c
Commit message (Collapse)AuthorAgeFilesLines
* Squashfs: add corruption check for type in squashfs_readdir()Phillip Lougher2017-04-111-2/+5
| | | | | | | | | We read the type field from disk. This value should be sanity checked for correctness to avoid an out of bounds access when reading the squashfs_filetype_table array. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> Change-Id: I0df14ce631a38af3f5920f604e727e88812dcffc
* Squashfs: add corruption check in get_dir_index_using_offset()Phillip Lougher2017-04-111-1/+8
| | | | | | | | | | | | | We read the size (of the name) field from disk. This value should be sanity checked for correctness to avoid blindly reading huge amounts of unnecessary data from disk on corruption. Note, here we're not actually reading the name into a buffer, but skipping it, and so corruption doesn't cause buffer overflow, merely lots of unnecessary amounts of data to be read. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> Change-Id: Ie5c833653d72bb0a89623bfc83e724a5015ea90e
* Squashfs: fix corruption checks in squashfs_readdir()Phillip Lougher2017-04-111-3/+2
| | | | | | | | | | | The dir_count and size fields when read from disk are sanity checked for correctness. However, the sanity checks only check the values are not greater than expected. As dir_count and size were incorrectly defined as signed ints, this can lead to corrupted values appearing as negative which are not trapped. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> Change-Id: Id72c1e19289eb445a29d0a504677c62f18ac1bd2
* [readdir] convert squashfsAl Viro2017-04-111-28/+12
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Change-Id: I7afbbb3c74557bc8ab65fc9234952502c354b8e1
* first commitMeizu OpenSource2016-08-151-0/+243
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-14 08:33:31 +0000