diff options
author | Timo Warns <Warns@pre-sense.de> | 2011-03-14 14:59:33 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-14 10:14:28 -0700 |
commit | 1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 (patch) | |
tree | eae0a7cdf358b1b0396e9c3ec935d0e6be72bdb2 /fs/fuse | |
parent | 2fbfac4e053861925fa3fffcdc327649b09af54c (diff) |
Fix corrupted OSF partition table parsing
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating OSF partitions contains a bug that leaks data
from kernel heap memory to userspace for certain corrupted OSF
partitions.
In more detail:
for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) {
iterates from 0 to d_npartitions - 1, where d_npartitions is read from
the partition table without validation and partition is a pointer to an
array of at most 8 d_partitions.
Add the proper and obvious validation.
Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: stable@kernel.org
[ Changed the patch trivially to not repeat the whole le16_to_cpu()
thing, and to use an explicit constant for the magic value '8' ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/fuse')
0 files changed, 0 insertions, 0 deletions