tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

affs: bound hash_pos before table lookup in affs_readdir

affs_readdir() decodes ctx->pos into hash_pos and chain_pos and then
dereferences AFFS_HEAD(dir_bh)->table[hash_pos] before validating
that hash_pos is within the runtime table bound. Treat out-of-range
positions as end-of-directory before the first table lookup.

Signed-off-by: Hyungjung Joo <jhj140711@gmail.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

authored by

Hyungjung Joo and committed by
David Sterba 6fa253b3 c3692998

+2
+2
fs/affs/dir.c
··· 119 119 pr_debug("readdir() left off=%d\n", ino); 120 120 goto inside; 121 121 } 122 + if (hash_pos >= AFFS_SB(sb)->s_hashsize) 123 + goto done; 122 124 123 125 ino = be32_to_cpu(AFFS_HEAD(dir_bh)->table[hash_pos]); 124 126 for (i = 0; ino && i < chain_pos; i++) {