    squashfs metadata 2: electric boogaloo · cdbb65c4
    Linus Torvalds authored
    Anatoly continues to find issues with fuzzed squashfs images.
    
    This time, corrupt, missing, or undersized data for the page filling
    wasn't checked for, because the squashfs_{copy,read}_cache() functions
    did the squashfs_copy_data() call without checking the resulting data
    size.
    
    Which could result in the page cache pages being incompletely filled in,
    and no error indication to the user space reading garbage data.
    
    So make a helper function for the "fill in pages" case, because the
    exact same incomplete sequence existed in two places.
    
    [ I should have made a squashfs branch for these things, but I didn't
      intend to start doing them in the first place.
    
      My historical connection through cramfs is why I got into looking at
      these issues at all, and every time I (continue to) think it's a
      one-off.
    
      Because _this_ time is always the last time. Right?   - Linus ]
    Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
    Tested-by: Willy Tarreau <w@1wt.eu>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Phillip Lougher <phillip@squashfs.org.uk>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
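
A userspace model of the failure the commit message describes, added here as an example; it is not code from this commit or from the kernel. `struct page_model`, `copy_data`, `fill_page_unchecked`, `fill_page_checked` and `short_read_case` are hypothetical names, and the 0xAA pre-fill is a constructed stand-in for stale page contents.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096            /* model page size (assumption of this example) */
typedef unsigned char u8;
struct page_model {             /* stand-in for a page cache page, not a kernel type */
    u8 data[PAGE_SZ];
    int uptodate, error;
};

/* Returns the bytes really copied; short when the source data is undersized. */
static int copy_data(u8 *dst, const u8 *src, size_t src_len, int want)
{
    size_t n = src_len < (size_t)want ? src_len : (size_t)want;
    memcpy(dst, src, n);
    return (int)n;
}

/* Unchecked pattern (modelled): copy result dropped, page reported valid. */
static void fill_page_unchecked(struct page_model *p, const u8 *src,
                                size_t src_len, int avail)
{
    (void)copy_data(p->data, src, src_len, avail);
    memset(p->data + avail, 0, PAGE_SZ - avail);   /* only the tail is cleared */
    p->uptodate = 1;
}

/* Checked helper: zero everything not copied, flag an error on a short copy. */
static int fill_page_checked(struct page_model *p, const u8 *src,
                             size_t src_len, int avail)
{
    int copied = copy_data(p->data, src, src_len, avail);
    memset(p->data + copied, 0, PAGE_SZ - copied);
    if (copied == avail) p->uptodate = 1; else p->error = 1;
    return copied;
}

/* Constructed case: 100 source bytes, 300 requested, page pre-filled with 0xAA.
 * Returns bit0 = uptodate, bit1 = error, bit2 = stale byte left at index 200. */
static int short_read_case(int checked)
{
    u8 src[100];
    struct page_model p = { .uptodate = 0, .error = 0 };
    memset(src, 'S', sizeof src);
    memset(p.data, 0xAA, PAGE_SZ);
    if (checked) fill_page_checked(&p, src, sizeof src, 300);
    else fill_page_unchecked(&p, src, sizeof src, 300);
    return p.uptodate | (p.error << 1) | ((p.data[200] == 0xAA) << 2);
}
int main(void) { printf("%d %d\n", short_read_case(0), short_read_case(1)); return 0; }
```
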
file.c 14.4 KB