|
|
@@ -209,6 +209,11 @@ repeat:
|
|
|
|
|
|
while (rs.len > 2) { /* There may be one byte for padding somewhere */
|
|
|
rr = (struct rock_ridge *)rs.chr;
|
|
|
+ /*
|
|
|
+ * Ignore rock ridge info if rr->len is out of range, but
|
|
|
+ * don't return -EIO because that would make the file
|
|
|
+ * invisible.
|
|
|
+ */
|
|
|
if (rr->len < 3)
|
|
|
goto out; /* Something got screwed up here */
|
|
|
sig = isonum_721(rs.chr);
|
|
|
@@ -216,8 +221,12 @@ repeat:
|
|
|
goto eio;
|
|
|
rs.chr += rr->len;
|
|
|
rs.len -= rr->len;
|
|
|
+ /*
|
|
|
+ * As above, just ignore the rock ridge info if rr->len
|
|
|
+ * is bogus.
|
|
|
+ */
|
|
|
if (rs.len < 0)
|
|
|
- goto eio; /* corrupted isofs */
|
|
|
+ goto out; /* Something got screwed up here */
|
|
|
|
|
|
switch (sig) {
|
|
|
case SIG('R', 'R'):
|
|
|
@@ -307,6 +316,11 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
|
|
|
repeat:
|
|
|
while (rs.len > 2) { /* There may be one byte for padding somewhere */
|
|
|
rr = (struct rock_ridge *)rs.chr;
|
|
|
+ /*
|
|
|
+ * Ignore rock ridge info if rr->len is out of range, but
|
|
|
+ * don't return -EIO because that would make the file
|
|
|
+ * invisible.
|
|
|
+ */
|
|
|
if (rr->len < 3)
|
|
|
goto out; /* Something got screwed up here */
|
|
|
sig = isonum_721(rs.chr);
|
|
|
@@ -314,8 +328,12 @@ repeat:
|
|
|
goto eio;
|
|
|
rs.chr += rr->len;
|
|
|
rs.len -= rr->len;
|
|
|
+ /*
|
|
|
+ * As above, just ignore the rock ridge info if rr->len
|
|
|
+ * is bogus.
|
|
|
+ */
|
|
|
if (rs.len < 0)
|
|
|
- goto eio; /* corrupted isofs */
|
|
|
+ goto out; /* Something got screwed up here */
|
|
|
|
|
|
switch (sig) {
|
|
|
#ifndef CONFIG_ZISOFS /* No flag for SF or ZF */
|
Adam Greenblatt