Browse Source

Preventing use of zero sized SUSP CE entry which causes SIGSEGV. Debian bug 872590. Thanks Jakub Wilk and American Fuzzy Lop.

release-1.5.4.branch
Thomas Schmitt 4 years ago
parent
commit
91490d5f34
  1. 3
      libisofs/libisofs.h
  2. 2
      libisofs/messages.c
  3. 4
      libisofs/rockridge_read.c

3
libisofs/libisofs.h

@ -8883,6 +8883,9 @@ int iso_conv_name_chars(IsoWriteOpts *opts, char *name, size_t name_len,
/** Unable to obtain root directory (FATAL,HIGH, -418) */
#define ISO_NO_ROOT_DIR 0xF030FE5E
/** Zero sized or oversized SUSP CE area found (FAILURE, HIGH, -419) */
#define ISO_SUSP_WRONG_CE_SIZE 0xE830FE5D
/* Internal developer note:
Place new error codes directly above this comment.

2
libisofs/messages.c

@ -549,6 +549,8 @@ const char *iso_error_to_msg(int errcode)
return "Unrecognized GPT disk GUID setup mode";
case ISO_NO_ROOT_DIR:
return "Unable to obtain root directory";
case ISO_SUSP_WRONG_CE_SIZE:
return "Zero sized or oversized SUSP CE area found";
default:
return "Unknown error";
}

4
libisofs/rockridge_read.c

@ -97,8 +97,10 @@ int susp_iter_next(SuspIterator *iter, struct susp_sys_user_entry **sue,
if (iter->ce_len) {
uint32_t block, nblocks;
/* A CE has found, there is another continuation area */
/* A CE was found, there is another continuation area */
nblocks = DIV_UP(iter->ce_off + iter->ce_len, BLOCK_SIZE);
if (nblocks <= 0)
return ISO_SUSP_WRONG_CE_SIZE;
iter->buffer = realloc(iter->buffer, nblocks * BLOCK_SIZE);
/* read all blocks needed to cache the full CE */

Loading…
Cancel
Save