summaryrefslogtreecommitdiff
path: root/arch/arm/boot/dts/imx23-evk.dts
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-07-29 22:44:46 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2018-07-29 22:44:46 +0300
commit01cfb7937a9af2abb1136c7e89fbf3fd92952956 (patch)
tree2b01fbc7eb315150d5a0ed71a218e4008801138b /arch/arm/boot/dts/imx23-evk.dts
parenta26fb01c2879ed7026e6cbd78bb701912d249eef (diff)
downloadlinux-01cfb7937a9af2abb1136c7e89fbf3fd92952956.tar.xz
squashfs: be more careful about metadata corruption
Anatoly Trosinenko reports that a corrupted squashfs image can cause a kernel oops. It turns out that squashfs can end up being confused about negative fragment lengths. The regular squashfs_read_data() does check for negative lengths, but squashfs_read_metadata() did not, and the fragment size code just blindly trusted the on-disk value. Fix both the fragment parsing and the metadata reading code. Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Phillip Lougher <phillip@squashfs.org.uk> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/arm/boot/dts/imx23-evk.dts')
0 files changed, 0 insertions, 0 deletions