[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 5/5] fs/iso9660: Prevent skipping CE or ST at start of continu
From: |
Lidong Chen |
Subject: |
[PATCH v2 5/5] fs/iso9660: Prevent skipping CE or ST at start of continuation area |
Date: |
Wed, 18 Jan 2023 08:23:58 +0000 |
If processing of a SUSP CE entry leads to a continuation area which
begins by entry CE or ST, then these entries were skipped without
interpretation. In case of CE this would lead to premature end of
processing the SUSP entries of the file. In case of ST this could
cause following non-SUSP bytes to be interpreted as SUSP entries.
Signed-off-by: Thomas Schmitt scdbackup@gmx.net
---
grub-core/fs/iso9660.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index ca45b3424..c3ed11f04 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -331,6 +331,18 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node,
grub_off_t off,
return err;
entry = (struct grub_iso9660_susp_entry *) sua;
+ /*
+ * The hook function will not process CE or ST.
+ * Advancing to the next entry would skip them.
+ */
+ ce = (struct grub_iso9660_susp_ce *) entry;
+ if (ce_block != grub_le_to_cpu32 (ce->blk) << GRUB_ISO9660_LOG2_BLKSZ
+ || off != grub_le_to_cpu32 (ce->off))
+ continue;
+ /*
+ * Ending up here indicates an endless loop by self reference.
+ * So skip this bad CE.
+ */
}
if (hook (entry, hook_arg))
--
2.35.1
- [PATCH v2 0/5] fs/iso9660: Fix out-of-bounds read, Lidong Chen, 2023/01/18
- [PATCH v2 4/5] fs/iso9660: Incorrect check for entry boundary, Lidong Chen, 2023/01/18
- [PATCH v2 3/5] fs/iso9660: Avoid reading past the entry boundary, Lidong Chen, 2023/01/18
- [PATCH v2 1/5] fs/iso9660: Add check to prevent infinite loop, Lidong Chen, 2023/01/18
- [PATCH v2 5/5] fs/iso9660: Prevent skipping CE or ST at start of continuation area,
Lidong Chen <=
- [PATCH v2 2/5] fs/iso9660: Prevent read past the end of system use area, Lidong Chen, 2023/01/18
- Re: [PATCH v2 0/5] fs/iso9660: Fix out-of-bounds read, Thomas Schmitt, 2023/01/18