[PATCH v2 5/5] fs/iso9660: Prevent skipping CE or ST at start of continuation area

[Lidong Chen]

If processing of a SUSP CE entry leads to a continuation area which
begins by entry CE or ST, then these entries were skipped without
interpretation. In case of CE this would lead to premature end of
processing the SUSP entries of the file. In case of ST this could
cause following non-SUSP bytes to be interpreted as SUSP entries.

Signed-off-by: Thomas Schmitt scdbackup@gmx.net
---
 grub-core/fs/iso9660.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index ca45b3424..c3ed11f04 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -331,6 +331,18 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node, 
grub_off_t off,
            return err;
 
          entry = (struct grub_iso9660_susp_entry *) sua;
+         /*
+          * The hook function will not process CE or ST.
+          * Advancing to the next entry would skip them.
+          */
+         ce = (struct grub_iso9660_susp_ce *) entry;
+         if (ce_block != grub_le_to_cpu32 (ce->blk) << GRUB_ISO9660_LOG2_BLKSZ
+              || off != grub_le_to_cpu32 (ce->off))
+           continue;
+         /*
+          * Ending up here indicates an endless loop by self reference.
+          * So skip this bad CE.
+          */
        }
 
       if (hook (entry, hook_arg))
-- 
2.35.1