Re: [PATCH] ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len

From: Richard Weinberger
Date: Mon Mar 30 2020 - 17:31:27 EST

Next message: Hans de Goede: "Re: ACPI Video Driver creates backlight on desktop board"
Previous message: Adrian Ratiu: "Re: [PATCH v5 4/5] drm: imx: Add i.MX 6 MIPI DSI host platform driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 16, 2020 at 4:37 PM Liu Song <fishland@xxxxxxxxxx> wrote:
>
> From: Liu Song <liu.song11@xxxxxxxxxx>
>
> In âubifs_check_nodeâ, when the value of "node_len" is abnormal,
> the code will goto label of "out_len" for execution. Then, in the
> following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE",
> in "print_hex_dump", an out-of-bounds access may occur due to the
> wrong "ch->len".
>
> Therefore, when the value of "node_len" is abnormal, data length
> should to be adjusted to a reasonable safe range. At this time,
> structured data is not credible, so dump the corrupted data directly
> for analysis.
>
> Signed-off-by: Liu Song <liu.song11@xxxxxxxxxx>

Applied, thanks!

--
Thanks,
//richard

Next message: Hans de Goede: "Re: ACPI Video Driver creates backlight on desktop board"
Previous message: Adrian Ratiu: "Re: [PATCH v5 4/5] drm: imx: Add i.MX 6 MIPI DSI host platform driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]