github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
linux/fs/udf
History
Michael Bommarito 55d41b0a20 udf: reject descriptors with oversized CRC length 
udf_read_tagged() skips CRC verification when descCRCLength +
sizeof(struct tag) exceeds the block size.  A crafted UDF image can
set descCRCLength to an oversized value to bypass CRC validation
entirely; the descriptor is then accepted based solely on the 8-bit
tag checksum, which is trivially recomputable.

Reject such descriptors instead of silently accepting them.  A
legitimate single-block descriptor should never have a CRC length that
exceeds the block.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Assisted-by: Claude:claude-opus-4-6
Assisted-by: Codex:gpt-5-4
Signed-off-by: Michael Bommarito <michael.bommarito@gmail.com>
Link: https://patch.msgid.link/20260413211240.853662-1-michael.bommarito@gmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
2026-04-22 17:14:48 +02:00
..
balloc.c udf: refactor udf_next_aext() to handle error 2024-10-02 14:10:50 +02:00
dir.c udf: Track metadata bhs in fs-private inode part 2026-03-26 15:03:32 +01:00
directory.c vfs-7.1-rc1.bh.metadata 2026-04-13 12:46:42 -07:00
ecma_167.h udf: Avoid unneeded variable length array in struct fileIdentDesc 2023-10-03 11:27:52 +02:00
file.c vfs-7.1-rc1.bh.metadata 2026-04-13 12:46:42 -07:00
ialloc.c udf: convert to new timestamp accessors 2023-10-18 14:08:28 +02:00
inode.c \n 2026-04-15 19:22:16 -07:00
Kconfig fs: add CONFIG_BUFFER_HEAD 2023-08-02 09:13:09 -06:00
lowlevel.c fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier 2023-05-30 15:39:13 +02:00
Makefile
misc.c udf: reject descriptors with oversized CRC length 2026-04-22 17:14:48 +02:00
namei.c vfs-7.1-rc1.bh.metadata 2026-04-13 12:46:42 -07:00
osta_udf.h udf: Get rid of 0-length arrays 2021-08-11 16:54:44 +02:00
partition.c udf: refactor inode_bmap() to handle error 2024-10-02 14:32:29 +02:00
super.c \n 2026-04-15 19:22:16 -07:00
symlink.c udf: Convert udf_symlink_getattr() to use a folio 2024-04-23 15:37:02 +02:00
truncate.c udf: Track metadata bhs in fs-private inode part 2026-03-26 15:03:32 +01:00
udf_i.h udf: Track metadata bhs in fs-private inode part 2026-03-26 15:03:32 +01:00
udf_sb.h uapi: promote EFSCORRUPTED and EUCLEAN to errno.h 2026-01-13 09:58:01 +01:00
udfdecl.h udf: Track metadata bhs in fs-private inode part 2026-03-26 15:03:32 +01:00
udfend.h
udftime.c udf: udftime: prevent overflow in udf_disk_stamp_to_time() 2024-04-10 13:10:12 +02:00
unicode.c kernel.h: drop hex.h and update all hex.h users 2026-01-20 19:44:19 -08:00