mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-28 23:51:33 +00:00
CVE-2019-13104: ext4: check for underflow in ext4fs_read_file
in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
This commit is contained in:
parent
6e5a79de65
commit
878269dbe7
1 changed files with 5 additions and 3 deletions
|
@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
|
|||
|
||||
ext_cache_init(&cache);
|
||||
|
||||
if (blocksize <= 0)
|
||||
return -1;
|
||||
|
||||
/* Adjust len so it we can't read past the end of the file. */
|
||||
if (len + pos > filesize)
|
||||
len = (filesize - pos);
|
||||
|
||||
if (blocksize <= 0 || len <= 0) {
|
||||
ext_cache_fini(&cache);
|
||||
return -1;
|
||||
}
|
||||
|
||||
blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
|
||||
|
||||
for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
|
||||
|
|
Loading…
Reference in a new issue