diff options
author | Torsten Hilbrich | 2016-06-20 07:09:10 +0200 |
---|---|---|
committer | Karel Zak | 2016-06-24 11:13:24 +0200 |
commit | ac681a310c32319423297544833932f4d689a7a2 (patch) | |
tree | b1abeb3da379f3b38c9eaf2168c45d781c498660 /term-utils/agetty.c | |
parent | lscpu: make lookup_cache() more robust (diff) | |
download | kernel-qcow2-util-linux-ac681a310c32319423297544833932f4d689a7a2.tar.gz kernel-qcow2-util-linux-ac681a310c32319423297544833932f4d689a7a2.tar.xz kernel-qcow2-util-linux-ac681a310c32319423297544833932f4d689a7a2.zip |
liblkid: Add length check in probe_nilfs2 before crc32
The bytes variable is read from the file system to probe and must be
checked before used as length parameter in the crc32 call.
The following problems may occur here:
- bytes smaller than sumoff + 4: underflow in length calculation
- bytes larger than remaining space in sb: overflow of buffer
This fixes a problem where an encrypted volume had the correct magic
values 0x3434 at offset 0x406 and the following uint16_t (which is
read into the nilfs_super_block.s_bytes struct) was parsed as 1.
Then crc32 was called with the length value 18446744073709551597
causing a segmentation fault.
[kzak@redhat.com: - fix probe_nilfs2() return code]
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'term-utils/agetty.c')
0 files changed, 0 insertions, 0 deletions