Group :: System/Kernel and hardware
RPM: grub
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: grub-2.06-upstream-0052-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
Download
Download
From e40b83335bb33d9a2d1c06cc269875b3b3d6c539 Mon Sep 17 00:00:00 2001
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date: Wed, 6 Apr 2022 18:17:43 +0530
Subject: [PATCH 2/5] fs/f2fs: Do not copy file names that are too long
A corrupt f2fs file system might specify a name length which is greater
than the maximum name length supported by the GRUB f2fs driver.
We will allocate enough memory to store the overly long name, but there
are only F2FS_NAME_LEN bytes in the source, so we would read past the end
of the source.
While checking directory entries, do not copy a file name with an invalid
length.
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/f2fs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index 8898b235e..df6beb544 100644
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
ftype = ctx->dentry[i].file_type;
name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
+
+ if (name_len >= F2FS_NAME_LEN)
+ return 0;
+
filename = grub_malloc (name_len + 1);
if (!filename)
return 0;
--
2.33.5