linux-sg2042/fs/squashfs
Linus Torvalds 01cfb7937a squashfs: be more careful about metadata corruption
Anatoly Trosinenko reports that a corrupted squashfs image can cause a
kernel oops.  It turns out that squashfs can end up being confused about
negative fragment lengths.

The regular squashfs_read_data() does check for negative lengths, but
squashfs_read_metadata() did not, and the fragment size code just
blindly trusted the on-disk value.  Fix both the fragment parsing and
the metadata reading code.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Phillip Lougher <phillip@squashfs.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-07-29 12:44:46 -07:00
..
Kconfig squashfs: Add zstd support 2017-09-08 19:33:25 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
block.c block,fs: untangle fs.h and blk_types.h 2016-11-01 09:43:26 -06:00
cache.c squashfs: be more careful about metadata corruption 2018-07-29 12:44:46 -07:00
decompressor.c squashfs: Add zstd support 2017-09-08 19:33:25 -07:00
decompressor.h squashfs: Add zstd support 2017-09-08 19:33:25 -07:00
decompressor_multi.c Squashfs: Check stream is not NULL in decompressor_multi.c 2013-11-20 03:59:20 +00:00
decompressor_multi_percpu.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
decompressor_single.c Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
dir.c romfs, squashfs: switch to ->iterate_shared() 2016-05-09 11:41:15 -04:00
export.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
file.c squashfs: be more careful about metadata corruption 2018-07-29 12:44:46 -07:00
file_cache.c Squashfs: Restructure squashfs_readpage() 2013-11-20 03:59:07 +00:00
file_direct.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
fragment.c squashfs: be more careful about metadata corruption 2018-07-29 12:44:46 -07:00
id.c Squashfs: Fix sanity check patches on big-endian systems 2011-05-29 10:03:09 +01:00
inode.c vfs: Remove {get,set,remove}xattr inode operations 2016-10-07 21:48:36 -04:00
lz4_wrapper.c fs/pstore: fs/squashfs: change usage of LZ4 to work with new LZ4 version 2017-02-24 17:46:57 -08:00
lzo_wrapper.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
namei.c vfs: Remove {get,set,remove}xattr inode operations 2016-10-07 21:48:36 -04:00
page_actor.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
page_actor.h mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
squashfs.h fs/squashfs/squashfs.h: replace pr_warning by pr_warn 2014-06-04 16:53:52 -07:00
squashfs_fs.h squashfs: be more careful about metadata corruption 2018-07-29 12:44:46 -07:00
squashfs_fs_i.h fs: cleanup slight list_entry abuse 2015-06-23 18:01:59 -04:00
squashfs_fs_sb.h Squashfs: Generalise paging handling in the decompressors 2013-11-20 03:59:01 +00:00
super.c Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
symlink.c vfs: remove ".readlink = generic_readlink" assignments 2016-12-09 16:45:04 +01:00
xattr.c xattr_handler: pass dentry and inode as separate arguments of ->get() 2016-04-10 20:48:24 -04:00
xattr.h vfs: Remove {get,set,remove}xattr inode operations 2016-10-07 21:48:36 -04:00
xattr_id.c Squashfs: update email address 2011-05-26 10:49:11 +01:00
xz_wrapper.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
zlib_wrapper.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
zstd_wrapper.c squashfs: Add zstd support 2017-09-08 19:33:25 -07:00