03-20-2009, 01:05 AM
Tim Gardner

udf: UBUNTU: SAUCE (drop after 2.6.30): Fix oops when invalid character in filename occurs

Stefan Bader wrote:
> From: Jan Kara <jack@suse.cz>
>
> Bug: #321606
>
> Not upstream, yet. Queued to linux-next
>
> udf: Fix oops when invalid character in filename occurs
>
> Functions udf_CS0toNLS() and udf_NLStoCS0() didn't count with the fact that
> NLS can return negative length when invalid character is given to it for
> conversion. Thus interesting things could happen (such as overwriting random
> memory with the rest of filename). Add appropriate checks.
>
> Signed-off-by: Jan Kara <jack@suse.cz>
> Signed-off-by: Stefan.Bader <stefan.bader@canonical.com>
> ---
> fs/udf/unicode.c | 21 ++++++++++++++++-----
> 1 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c
> index 9fdf8c9..7215153 100644
> --- a/fs/udf/unicode.c
> +++ b/fs/udf/unicode.c
> @@ -254,7 +254,7 @@ static int udf_CS0toNLS(struct nls_table *nls, struct ustr *utf_o,
> {
> const uint8_t *ocu;
> uint8_t cmp_id, ocu_len;
> - int i;
> + int i, len;
>
>
> ocu_len = ocu_i->u_len;
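Review bot: naming point on the new declaration `int i, len;` in udf_CS0toNLS(): `len` now sits beside `ocu_len` and is later added to `utf_o->u_len`, so three lengths share one function. A name such as `ret` or `conv_len` would make it clearer that this variable holds the raw uni2char() return value, which can be negative.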
> @@ -279,8 +279,13 @@ static int udf_CS0toNLS(struct nls_table *nls, struct ustr *utf_o,
> if (cmp_id == 16)
> c = (c << 8) | ocu[i++];
>
> - utf_o->u_len += nls->uni2char(c, &utf_o->u_name[utf_o->u_len],
> - UDF_NAME_LEN - utf_o->u_len);
> + len = nls->uni2char(c, &utf_o->u_name[utf_o->u_len],
> + UDF_NAME_LEN - utf_o->u_len);
> + /* Valid character? */
> + if (len >= 0)
> + utf_o->u_len += len;
> + else
> + utf_o->u_name[utf_o->u_len++] = '?';
> }
> utf_o->u_cmpID = 8;
>
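Review bot: the `else` branch stores '?' at `utf_o->u_name[utf_o->u_len++]` without checking that there is still room, while the call just above it passes `UDF_NAME_LEN - utf_o->u_len` as the bound. The loop condition is not visible in this hunk, so either confirm that it always leaves space for one more byte or guard the store explicitly, because a negative return may also be how the NLS table reports a full output buffer rather than an invalid character.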
> @@ -290,7 +295,8 @@ static int udf_CS0toNLS(struct nls_table *nls, struct ustr *utf_o,
> static int udf_NLStoCS0(struct nls_table *nls, dstring *ocu, struct ustr *uni,
> int length)
> {
> - unsigned len, i, max_val;
> + int len;
> + unsigned i, max_val;
> uint16_t uni_char;
> int u_len;
>
> @@ -302,8 +308,13 @@ try_again:
> u_len = 0U;
> for (i = 0U; i < uni->u_len; i++) {
> len = nls->char2uni(&uni->u_name[i], uni->u_len - i, &uni_char);
> - if (len <= 0)
> + if (!len)
> continue;
> + /* Invalid character, deal with it */
> + if (len < 0) {
> + len = 1;
> + uni_char = '?';
> + }
>
> if (uni_char > max_val) {
> max_val = 0xffffU;
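Review bot: in the `len < 0` branch, forcing `len = 1` treats an invalid sequence as exactly one input byte. Assuming `len` is what advances `i` further down, outside this hunk, the remaining bytes of a bad multi-byte sequence are handed to char2uni() again on the following iterations, so one bad character can become several '?' or stray characters in the stored name. If that resynchronisation is intended, spell it out in the comment, which currently reads only `/* Invalid character, deal with it */`.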

ACK - why don't you think it'll make the 2.6.30 merge window?

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
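
The failure described in the commit message, as an added user-space example that is not part of the patch or of the kernel source: a negative converter return added to a length counter moves the write cursor far outside the buffer, while the checked form stores '?' instead. `toy_uni2char`, `NAME_LEN`, the 8-bit counter and the sample input are assumptions made for this demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAME_LEN 16 /* constructed buffer size, not the kernel's UDF_NAME_LEN */

/* Hypothetical converter following the contract the commit message describes:
 * returns bytes written, or a negative errno for a character it cannot map. */
static int toy_uni2char(uint16_t c, unsigned char *out, int room)
{
    if (room <= 0)
        return -ENAMETOOLONG;
    if (c > 0x7f)
        return -EINVAL;
    out[0] = (unsigned char)c;
    return 1;
}

/* Before: the return value is added to the length unchecked. Returns the
 * write cursor; the loop stops once it leaves out[], so this demonstration
 * itself never writes out of bounds. */
static int convert_unchecked(const uint16_t *in, size_t n, unsigned char *out)
{
    uint8_t u_len = 0;
    for (size_t i = 0; i < n && u_len < NAME_LEN; i++)
        u_len = (uint8_t)(u_len + toy_uni2char(in[i], &out[u_len], NAME_LEN - u_len));
    return u_len;
}

/* After: a negative return is never added; '?' is stored instead. The loop
 * bound guarantees one free byte for it (a guard added for this example). */
static int convert_checked(const uint16_t *in, size_t n, unsigned char *out)
{
    uint8_t u_len = 0;
    for (size_t i = 0; i < n && u_len < NAME_LEN; i++) {
        int len = toy_uni2char(in[i], &out[u_len], NAME_LEN - u_len);
        if (len >= 0)
            u_len = (uint8_t)(u_len + len);
        else
            out[u_len++] = '?';
    }
    return u_len;
}

/* Constructed input: 'a', U+263A (unmappable by the toy converter), 'b'. */
static const uint16_t sample[] = { 'a', 0x263A, 'b' };

int main(void)
{
    unsigned char a[NAME_LEN] = {0}, b[NAME_LEN] = {0};
    printf("unchecked cursor: %d of %d\n", convert_unchecked(sample, 3, a), NAME_LEN);
    printf("checked length:   %d (%s)\n", convert_checked(sample, 3, b), (char *)b);
    return 0;
}
```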