brain-hackers_pepepper-mirror/linux-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/linux-brain.git synced 2024-06-09 23:36:23 +09:00
Code Issues Projects Releases Wiki Activity
4.4.x
linux-brain/fs/squashfs
History
Linus Torvalds 581c294184 squashfs: more metadata hardenings 
commit 71755ee535 upstream.

The squashfs fragment reading code doesn't actually verify that the
fragment is inside the fragment table.  The end result _is_ verified to
be inside the image when actually reading the fragment data, but before
that is done, we may end up taking a page fault because the fragment
table itself might not even exist.

Another report from Anatoly and his endless squashfs image fuzzing.

Reported-by: Анатолий Тросиненко <anatoly.trosinenko@gmail.com>
Acked-by:: Phillip Lougher <phillip.lougher@gmail.com>,
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-08-06 16:24:42 +02:00
..
block.c squashfs: more metadata hardening 2018-08-06 16:24:42 +02:00
cache.c squashfs: be more careful about metadata corruption 2018-08-06 16:24:40 +02:00
decompressor_multi_percpu.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
decompressor_multi.c Squashfs: Check stream is not NULL in decompressor_multi.c 2013-11-20 03:59:20 +00:00
decompressor_single.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
decompressor.c Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
decompressor.h Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
dir.c Squashfs: add corruption check for type in squashfs_readdir() 2013-09-06 04:57:54 +01:00
export.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
file_cache.c Squashfs: Restructure squashfs_readpage() 2013-11-20 03:59:07 +00:00
file_direct.c fs/squashfs/file_direct.c: replace count*size kmalloc by kmalloc_array 2014-08-06 18:01:13 -07:00
file.c squashfs: be more careful about metadata corruption 2018-08-06 16:24:40 +02:00
fragment.c squashfs: more metadata hardenings 2018-08-06 16:24:42 +02:00
id.c Squashfs: Fix sanity check patches on big-endian systems 2011-05-29 10:03:09 +01:00
inode.c userns: Convert squashfs to use kuid/kgid where appropriate 2012-09-21 03:13:35 -07:00
Kconfig Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
lz4_wrapper.c Squashfs: add LZ4 compression support 2014-11-27 07:44:11 +00:00
lzo_wrapper.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
Makefile Squashfs: Add LZ4 compression configuration option 2014-11-27 18:48:44 +00:00
namei.c Squashfs: fix corruption checks in squashfs_lookup() 2013-09-06 04:57:53 +01:00
page_actor.c Squashfs: Directly decompress into the page cache for file data 2013-11-20 03:59:13 +00:00
page_actor.h Squashfs: Directly decompress into the page cache for file data 2013-11-20 03:59:13 +00:00
squashfs_fs_i.h fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
squashfs_fs_sb.h squashfs: more metadata hardenings 2018-08-06 16:24:42 +02:00
squashfs_fs.h squashfs: be more careful about metadata corruption 2018-08-06 16:24:40 +02:00
squashfs.h fs/squashfs/squashfs.h: replace pr_warning by pr_warn 2014-06-04 16:53:52 -07:00
super.c squashfs: more metadata hardenings 2018-08-06 16:24:42 +02:00
symlink.c squashfs: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:25 +08:00
xattr_id.c Squashfs: update email address 2011-05-26 10:49:11 +01:00
xattr.c squashfs: xattr simplifications 2015-11-13 20:34:33 -05:00
xattr.h Squashfs: update email address 2011-05-26 10:49:11 +01:00
xz_wrapper.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
zlib_wrapper.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00