On 10/15, Chao Yu wrote:
> On 2018/10/10 8:46, Jaegeuk Kim wrote:
> > From: Randall Huang <[email protected]>
> >
> > If the len is less than 24, heap buffer overflow is reported.
> >
> > Signed-off-by: Randall Huang <[email protected]>
> > Signed-off-by: Jaegeuk Kim <[email protected]>
>
> Reviewed-by: Chao Yu <[email protected]>
>
> Thanks,

The correct one should be this. >From e78b033dea8ec556b9b4c216426150317a8e5640 Mon Sep 17 00:00:00 2001 From: Randall Huang <[email protected]> Date: Tue, 9 Oct 2018 17:38:01 -0700 Subject: [PATCH] fsck.f2fs: do not hard-code encrypted filename length to avoid heap buffer overflow If the len is less than 24, heap buffer overflow is reported. Signed-off-by: Randall Huang <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> --- fsck/fsck.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fsck/fsck.c b/fsck/fsck.c index 85d9823..366ba13 100644 --- a/fsck/fsck.c +++ b/fsck/fsck.c @@ -1145,7 +1145,7 @@ static int digest_encode(const char *src, int len, char *dst) int i = 0, bits = 0, ac = 0; char *cp = dst; - while (i < len) { + while (i < len && i < 24) { ac += (((unsigned char) src[i]) << bits); bits += 8; do { @@ -1173,7 +1173,7 @@ int convert_encrypted_name(unsigned char *name, u32 len, } *new = '_'; - return digest_encode((const char *)name, 24, (char *)new + 1); + return digest_encode((const char *)name, len, (char *)new + 1); } static void print_dentry(__u32 depth, __u8 *name, -- 2.19.0.605.g01d371f741-goog
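Review bot: In digest_encode(), the new loop condition `while (i < len && i < 24)` still carries the literal 24, so the limit has moved from the caller into the encoder rather than being removed as the subject line suggests. A named constant for the 24-byte cap, with a one-line comment saying that longer names are truncated to it, would make the clamp self-explanatory and keep it from drifting if the destination buffer size ever changes.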
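Review bot: In convert_encrypted_name(), `len` is declared `u32` but is now passed directly as digest_encode()'s `int len`, so the value is implicitly converted from unsigned to signed at the call. A length above INT_MAX would arrive negative and the `i < len` test would fail on the first iteration, so the loop would not run at all. Consider clamping `len` before the call or making the digest_encode() parameter unsigned so the two signatures agree.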
