Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-24 21:21:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
27ab338548
linux/fs/udf
History
Jan Kara 27ab338548 udf: Fix bogus checksum computation in udf_rename() 
Syzbot reports uninitialized memory access in udf_rename() when updating
checksum of '..' directory entry of a moved directory. This is indeed
true as we pass on-stack diriter.fi to the udf_update_tag() and because
that has only struct fileIdentDesc included in it and not the impUse or
name fields, the checksumming function is going to checksum random stack
contents beyond the end of the structure. This is actually harmless
because the following udf_fiiter_write_fi() will recompute the checksum
from on-disk buffers where everything is properly included. So all that
is needed is just removing the bogus calculation.

Fixes: e9109a92d2 ("udf: Convert udf_rename() to new directory iteration code")
Link: https://lore.kernel.org/all/000000000000cf405f060d8f75a9@google.com/T/
Link: https://patch.msgid.link/20240617154201.29512-1-jack@suse.cz
Reported-by: syzbot+d31185aa54170f7fc1f5@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
2024-06-20 15:07:27 +02:00
..
balloc.c fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier 2023-05-30 15:39:13 +02:00
dir.c udf: Remove GFP_NOFS from dir iteration code 2024-01-23 19:21:10 +01:00
directory.c udf: Fix -Wstringop-overflow warnings 2023-07-31 16:34:06 +02:00
ecma_167.h udf: Avoid unneeded variable length array in struct fileIdentDesc 2023-10-03 11:27:52 +02:00
file.c udf: Fix lock ordering in udf_evict_inode() 2024-06-05 10:36:46 +02:00
ialloc.c udf: convert to new timestamp accessors 2023-10-18 14:08:28 +02:00
inode.c udf: Fix lock ordering in udf_evict_inode() 2024-06-05 10:36:46 +02:00
Kconfig fs: add CONFIG_BUFFER_HEAD 2023-08-02 09:13:09 -06:00
lowlevel.c fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier 2023-05-30 15:39:13 +02:00
Makefile
misc.c fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier 2023-05-30 15:39:13 +02:00
namei.c udf: Fix bogus checksum computation in udf_rename() 2024-06-20 15:07:27 +02:00
osta_udf.h udf: Get rid of 0-length arrays 2021-08-11 16:54:44 +02:00
partition.c fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier 2023-05-30 15:39:13 +02:00
super.c udf: replace deprecated strncpy/strcpy with strscpy 2024-04-02 15:23:47 +02:00
symlink.c udf: Convert udf_symlink_getattr() to use a folio 2024-04-23 15:37:02 +02:00
truncate.c fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier 2023-05-30 15:39:13 +02:00
udf_i.h udf: Preserve link count of system files 2023-01-09 10:39:53 +01:00
udf_sb.h udf: convert novrs to an option flag 2024-02-21 13:55:30 +01:00
udfdecl.h udf: Move udf_adinicb_readpage() to inode.c 2023-01-26 16:46:36 +01:00
udfend.h
udftime.c udf: udftime: prevent overflow in udf_disk_stamp_to_time() 2024-04-10 13:10:12 +02:00
unicode.c udf: Fix uninitialized array access for some pathnames 2023-06-21 11:53:06 +02:00