From 6a8da46d284721e95f893d4f229a2bec473797e1 Mon Sep 17 00:00:00 2001
From: Nic Case
Date: Mon, 29 Jun 2009 01:24:40 -0400
Subject: [PATCH] libext2fs: ensure validate_entry doesn't read beyond blocksize
ext2fs_validate_entry would read beyond the end of the block to get dirent->rec_len for certain arguments (like if blocksize == final_offset). This patch adds a check so that doesn't happen, and changes the types of the arguments to avoid a compiler warning.
Signed-off-by: Nic Case
Signed-off-by: "Theodore Ts'o"
---
 lib/ext2fs/dir_iterate.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/ext2fs/dir_iterate.c b/lib/ext2fs/dir_iterate.c
index ac5a31e..39d713b 100644
--- a/lib/ext2fs/dir_iterate.c
+++ b/lib/ext2fs/dir_iterate.c
@@ -64,13 +64,16 @@ errcode_t ext2fs_set_rec_len(ext2_filsys fs,
 * undeleted entry. Returns 1 if the deleted entry looks valid, zero
 * if not valid.
 */
-static int ext2fs_validate_entry(ext2_filsys fs, char *buf, int offset,
- int final_offset)
+static int ext2fs_validate_entry(ext2_filsys fs, char *buf,
+ unsigned int offset,
+ unsigned int final_offset)
 {
 struct ext2_dir_entry *dirent;
 unsigned int rec_len;
+#define DIRENT_MIN_LENGTH 12
- while (offset < final_offset) {
+ while ((offset < final_offset) &&
+ (offset <= fs->blocksize - DIRENT_MIN_LENGTH)) {
 dirent = (struct ext2_dir_entry *)(buf + offset);
 if (ext2fs_get_rec_len(fs, dirent, &rec_len))
 return 0;
--
1.8.3.1
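Review bot: `#define DIRENT_MIN_LENGTH 12` sits between the local declarations and the loop with no explanation of the value, and as a macro it stays defined for the rest of dir_iterate.c. I would move it to file scope with a comment such as `/* smallest on-disk dirent: 8-byte header + name padded to 4 bytes */` (presumably where 12 comes from; please confirm). The guard `offset <= fs->blocksize - DIRENT_MIN_LENGTH` is an unsigned subtraction, so it bounds the read only if `buf` holds `fs->blocksize` bytes and the block size is at least 12. Neither is visible in this hunk, so the function comment should state both as preconditions. The loop body continues outside the hunk.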