[hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, natty/ti-omap4 CVE 1/1] hfs: add sanity check for file name length
Andy Whitcroft
apw at canonical.com
Thu Nov 24 17:50:54 UTC 2011
From: Dan Carpenter <dan.carpenter at oracle.com>
On a corrupted file system the ->len field could be wrong leading to
a buffer overflow.
Reported-and-acked-by: Clement LECIGNE <clement.lecigne at netasq.com>
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Cc: stable at kernel.org
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
(cherry picked from commit bc5b8a9003132ae44559edd63a1623b7b99dfb68)
CVE-2011-4330
BugLink: http://bugs.launchpad.net/bugs/894374
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
fs/hfs/trans.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c
index e673a88..b1ce4c7 100644
--- a/fs/hfs/trans.c
+++ b/fs/hfs/trans.c
@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in)
src = in->name;
srclen = in->len;
+ if (srclen > HFS_NAMELEN)
+ srclen = HFS_NAMELEN;
dst = out;
dstlen = HFS_MAX_NAMELEN;
if (nls_io) {
--
1.7.5.4
More information about the kernel-team
mailing list