UBIFS: check buffer length when scanning for LPT nodes

author Adrian Hunter <ext-adrian.hunter@nokia.com>

Fri, 26 Sep 2008 09:52:21 +0000 (12:52 +0300)

committer Artem Bityutskiy <Artem.Bityutskiy@nokia.com>

Tue, 30 Sep 2008 08:12:59 +0000 (11:12 +0300)
author Adrian Hunter <ext-adrian.hunter@nokia.com>
Fri, 26 Sep 2008 09:52:21 +0000 (12:52 +0300)
committer Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Tue, 30 Sep 2008 08:12:59 +0000 (11:12 +0300)
diff --git a/fs/ubifs/lpt_commit.c b/fs/ubifs/lpt_commit.c

index 8546865a9104b3b09f821b351c8cae9c6631236c..eed5a0025d63f8b3b4d21dba633f4c9b208cb6be 100644 (file)
--- a/fs/ubifs/lpt_commit.c
+++ b/fs/ubifs/lpt_commit.c
@@ -1089,6 +1089,8 @@ static int is_a_node(struct ubifs_info *c, uint8_t *buf, int len)
         int pos = 0, node_type, node_len;
         uint16_t crc, calc_crc;
  
+       if (len < UBIFS_LPT_CRC_BYTES + (UBIFS_LPT_TYPE_BITS + 7) / 8)
+               return 0;
         node_type = ubifs_unpack_bits(&addr, &pos, UBIFS_LPT_TYPE_BITS);
         if (node_type == UBIFS_LPT_NOT_A_NODE)
                 return 0;
author	Adrian Hunter <ext-adrian.hunter@nokia.com>
	Fri, 26 Sep 2008 09:52:21 +0000 (12:52 +0300)
committer	Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
	Tue, 30 Sep 2008 08:12:59 +0000 (11:12 +0300)