diff options
author | Darrick J. Wong <darrick.wong@oracle.com> | 2014-10-25 13:56:42 -0700 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2014-11-04 11:39:51 -0500 |
commit | dab7435917698bb490cce61fc8be1be0a862cf66 (patch) | |
tree | 062272199fb3f135af0fb0728d9630412173f5fc /lib/ext2fs/dir_iterate.c | |
parent | 160f131deed7d3db2aa958051eef7ae8fafa8539 (diff) | |
download | e2fsprogs-dab7435917698bb490cce61fc8be1be0a862cf66.tar.gz |
libext2fs: directory iteration mustn't walk off the buffer end
When we're iterating a directory, the loop control code reads the
length of the next directory record, failing to account for the fact
that there must be at least 8 bytes (the minimum size of a directory
entry) left in the buffer to read the next directory record. Fix the
loop conditional so that we don't read off the end of the buffer.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reported-by: Sami Liedes <sami.liedes@iki.fi>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'lib/ext2fs/dir_iterate.c')
-rw-r--r-- | lib/ext2fs/dir_iterate.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ext2fs/dir_iterate.c b/lib/ext2fs/dir_iterate.c index 589af692..0744ee85 100644 --- a/lib/ext2fs/dir_iterate.c +++ b/lib/ext2fs/dir_iterate.c @@ -202,7 +202,7 @@ int ext2fs_process_dir_block(ext2_filsys fs, if (ctx->errcode) return BLOCK_ABORT; - while (offset < fs->blocksize) { + while (offset < fs->blocksize - 8) { dirent = (struct ext2_dir_entry *) (ctx->buf + offset); if (ext2fs_get_rec_len(fs, dirent, &rec_len)) return BLOCK_ABORT; |