git projects / ziggy471-frankenstein-kernel.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree | latest snapshot
plain | history

Update to 2.6.32.39 Mainline
/fs/squashfs/dir.c
blob:566b0eaed868df557a7e05061cd31b0f160a2b54 -> blob:16c1b4a533b2c219e90fe369a51fb4b2a103f89f
--- fs/squashfs/dir.c
+++ fs/squashfs/dir.c
@@ -173,6 +173,11 @@ static int squashfs_readdir(struct file
length += sizeof(dirh);
dir_count = le32_to_cpu(dirh.count) + 1;
+
+ /* dir_count should never be larger than 256 */
+ if (dir_count > 256)
+ goto failed_read;
+
while (dir_count--) {
/*
* Read directory entry.
@@ -184,6 +189,10 @@ static int squashfs_readdir(struct file
size = le16_to_cpu(dire->size) + 1;
+ /* size should never be larger than SQUASHFS_NAME_LEN */
+ if (size > SQUASHFS_NAME_LEN)
+ goto failed_read;
+
err = squashfs_read_metadata(inode->i_sb, dire->name,
&block, &offset, size);
if (err < 0)
Frankenstine (BRAVO/EVO/INC) kernel source