diff options
| author | tjr <tjr@FreeBSD.org> | 2004-09-08 10:57:09 +0000 |
|---|---|---|
| committer | tjr <tjr@FreeBSD.org> | 2004-09-08 10:57:09 +0000 |
| commit | 1d085394336dc06a0fd195ff4225080701b6fa5f (patch) | |
| tree | 26f2de1beeff85b388bd96866ea8038c505d077f | |
| parent | 8337118014694f7f25c0fe0425553914b6ae882a (diff) | |
| download | FreeBSD-src-1d085394336dc06a0fd195ff4225080701b6fa5f.zip FreeBSD-src-1d085394336dc06a0fd195ff4225080701b6fa5f.tar.gz | |
Merge from NetBSD:
Fix a panic that occurred when trying to traverse a corrupt msdosfs
filesystem. With this particular corruption, the code in pcbmap()
would compute an offset into an array that was way out of bounds,
so check the bounds before trying to access and return an error if
the offset would be out of bounds.
Submitted by: Xin LI
| -rw-r--r-- | sys/fs/msdosfs/msdosfs_fat.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/fs/msdosfs/msdosfs_fat.c b/sys/fs/msdosfs/msdosfs_fat.c index 394c9ec..8c11423 100644 --- a/sys/fs/msdosfs/msdosfs_fat.c +++ b/sys/fs/msdosfs/msdosfs_fat.c @@ -237,6 +237,11 @@ pcbmap(dep, findcn, bnp, cnp, sp) bp_bn = bn; } prevcn = cn; + if (bo >= bsize) { + if (bp) + brelse(bp); + return (EIO); + } if (FAT32(pmp)) cn = getulong(&bp->b_data[bo]); else |
