android_kernel_samsung_univ.../fs/squashfs
Linus Torvalds 581c294184 squashfs: more metadata hardenings
commit 71755ee5350b63fb1f283de8561cdb61b47f4d1d upstream.

The squashfs fragment reading code doesn't actually verify that the
fragment is inside the fragment table.  The end result _is_ verified to
be inside the image when actually reading the fragment data, but before
that is done, we may end up taking a page fault because the fragment
table itself might not even exist.

Another report from Anatoly and his endless squashfs image fuzzing.

Reported-by: Анатолий Тросиненко <anatoly.trosinenko@gmail.com>
Acked-by: Phillip Lougher <phillip.lougher@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-08-06 16:24:42 +02:00
block.c squashfs: more metadata hardening 2018-08-06 16:24:42 +02:00
cache.c squashfs: be more careful about metadata corruption 2018-08-06 16:24:40 +02:00
decompressor_multi_percpu.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
decompressor_multi.c Squashfs: Check stream is not NULL in decompressor_multi.c 2013-11-20 03:59:20 +00:00
decompressor_single.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
decompressor.c Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
decompressor.h Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
dir.c
export.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
file_cache.c Squashfs: Restructure squashfs_readpage() 2013-11-20 03:59:07 +00:00
file_direct.c fs/squashfs/file_direct.c: replace count*size kmalloc by kmalloc_array 2014-08-06 18:01:13 -07:00
file.c squashfs: be more careful about metadata corruption 2018-08-06 16:24:40 +02:00
fragment.c squashfs: more metadata hardenings 2018-08-06 16:24:42 +02:00
id.c
inode.c
Kconfig Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
lz4_wrapper.c Squashfs: add LZ4 compression support 2014-11-27 07:44:11 +00:00
lzo_wrapper.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
Makefile Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
namei.c
page_actor.c Squashfs: Directly decompress into the page cache for file data 2013-11-20 03:59:13 +00:00
page_actor.h Squashfs: Directly decompress into the page cache for file data 2013-11-20 03:59:13 +00:00
squashfs_fs_i.h fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
squashfs_fs_sb.h squashfs: more metadata hardenings 2018-08-06 16:24:42 +02:00
squashfs_fs.h squashfs: be more careful about metadata corruption 2018-08-06 16:24:40 +02:00
squashfs.h fs/squashfs/squashfs.h: replace pr_warning by pr_warn 2014-06-04 16:53:52 -07:00
super.c squashfs: more metadata hardenings 2018-08-06 16:24:42 +02:00
symlink.c
xattr_id.c
xattr.c squashfs: xattr simplifications 2015-11-13 20:34:33 -05:00
xattr.h
xz_wrapper.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
zlib_wrapper.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00