Re: [PATCH] ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len

From: Richard Weinberger
Date: Mon Mar 30 2020 - 17:31:27 EST


On Thu, Jan 16, 2020 at 4:37 PM Liu Song <fishland@xxxxxxxxxx> wrote:
>
> From: Liu Song <liu.song11@xxxxxxxxxx>
>
> In ‘ubifs_check_node’, when the value of "node_len" is abnormal,
> the code will goto label of "out_len" for execution. Then, in the
> following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE",
> in "print_hex_dump", an out-of-bounds access may occur due to the
> wrong "ch->len".
>
> Therefore, when the value of "node_len" is abnormal, data length
> should be adjusted to a reasonable safe range. At this time,
> structured data is not credible, so dump the corrupted data directly
> for analysis.
>
> Signed-off-by: Liu Song <liu.song11@xxxxxxxxxx>

Applied, thanks!

--
Thanks,
//richard
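
The failure mode described in the quoted commit message, sketched as an added userspace example; it is not the applied patch and not kernel code. `struct demo_ch`, `DEMO_MAX_NODE_SZ` and the `demo_*` functions are hypothetical names: once the length field fails validation, the dump length is taken from the bytes actually held, never from the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified header; not the real struct ubifs_ch layout. */
struct demo_ch {
    uint32_t magic;
    uint32_t len;        /* node length claimed by on-media data (untrusted) */
};

#define DEMO_MAX_NODE_SZ 4096u   /* assumed upper bound, constructed for the demo */

/* Return 1 if the claimed length is plausible for a buffer of avail bytes. */
int demo_len_ok(uint32_t len, size_t avail)
{
    return len >= sizeof(struct demo_ch) && len <= DEMO_MAX_NODE_SZ && len <= avail;
}

/* Number of bytes that may safely be hex-dumped from buf. */
size_t demo_dump_len(const uint8_t *buf, size_t avail)
{
    struct demo_ch ch;

    if (avail < sizeof(ch))
        return avail;                 /* not even a full header: dump what exists */
    memcpy(&ch, buf, sizeof(ch));     /* copy out to avoid unaligned access */
    if (demo_len_ok(ch.len, avail))
        return ch.len;                /* header is credible, use its length */
    /* Corrupted length: ignore it and clamp to the bytes actually held. */
    return avail < DEMO_MAX_NODE_SZ ? avail : DEMO_MAX_NODE_SZ;
}

/* Raw hex dump bounded by demo_dump_len(); returns the bytes printed. */
size_t demo_dump_node(const uint8_t *buf, size_t avail)
{
    size_t n = demo_dump_len(buf, avail);
    for (size_t i = 0; i < n; i++)
        printf("%02x%c", buf[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
    return n;
}

int main(void)
{
    uint8_t buf[32] = {0};                             /* constructed sample node */
    struct demo_ch ch = { 0x12345678u, 0xFFFFFFF0u };  /* abnormal length */
    memcpy(buf, &ch, sizeof(ch));
    printf("dumped %zu bytes\n", demo_dump_node(buf, sizeof(buf)));
    return 0;
}
```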