    isofs: Fix unbounded recursion when processing relocated directories · 410dd3cf
    Jan Kara authored
    We did not check relocated directory in any way when processing Rock
    Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
    entry pointing to another CL entry leading to possibly unbounded
    recursion in kernel code and thus stack overflow or deadlocks (if there
    is a loop created from CL entries).
    Fix the problem by not allowing CL entry to point to a directory entry
    with CL entry (such use makes no good sense anyway) and by checking
    whether CL entry doesn't point to itself.
    CC: stable@vger.kernel.org
    Reported-by: Chris Evans <cevans@google.com>
    Signed-off-by: Jan Kara <jack@suse.cz>
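
The two checks named in the commit message (a CL entry must not point to itself, and must not point to a directory entry that carries its own CL entry), shown as an added C sketch that is not the kernel patch. The `dir_rec` model, `resolve_cl`, the return codes and the sample table are constructed for illustration and do not reflect the on-disk Rock Ridge layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a directory record, not the on-disk layout:
 * has_cl marks a Rock Ridge 'CL' entry, cl_target is the index of the
 * record the directory was relocated to. */
struct dir_rec { int has_cl; uint32_t cl_target; };

enum { RELOC_OK = 0, RELOC_SELF = -1, RELOC_NESTED = -2, RELOC_RANGE = -3 };

/* Follow at most one relocation from record idx, with no recursion.
 * On RELOC_OK, *out is the record that really describes the directory. */
int resolve_cl(const struct dir_rec *recs, size_t n, uint32_t idx, uint32_t *out)
{
    if (idx >= n)
        return RELOC_RANGE;
    if (!recs[idx].has_cl) {        /* not relocated: nothing to follow */
        *out = idx;
        return RELOC_OK;
    }
    uint32_t tgt = recs[idx].cl_target;
    if (tgt >= n)
        return RELOC_RANGE;
    if (tgt == idx)                 /* CL entry points to itself */
        return RELOC_SELF;
    if (recs[tgt].has_cl)           /* target carries its own CL entry */
        return RELOC_NESTED;
    *out = tgt;
    return RELOC_OK;
}

/* Constructed sample: 0 plain, 1 -> 0 (valid), 2 -> 2 (self),
 * 3 -> 4 and 4 -> 3 (loop), 5 -> 1 (chain). */
static const struct dir_rec sample[] = {
    {0, 0}, {1, 0}, {1, 2}, {1, 4}, {1, 3}, {1, 1},
};
#define SAMPLE_N (sizeof(sample) / sizeof(sample[0]))

int main(void)
{
    for (uint32_t i = 0; i < SAMPLE_N; i++) {
        uint32_t out = 0;
        int rc = resolve_cl(sample, SAMPLE_N, i, &out);
        printf("record %u: rc=%d target=%u\n", (unsigned)i, rc, (unsigned)out);
    }
    return 0;
}
```

Because a relocated target is rejected as soon as it carries a CL entry, the resolver never follows more than one hop, so both the two-entry loop and the longer chain in the sample are refused without any depth counter.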
isofs.h 6.3 KB