summaryrefslogtreecommitdiff
path: root/lib/sqfs/deserialize_fstree.c
diff options
context:
space:
mode:
authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-08-23 12:10:16 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-08-23 12:10:16 +0200
commit029a8db2701afb0653c6e789c878bb768ceb87e1 (patch)
tree86b1c8406d6c7755d19017d98406177660403f54 /lib/sqfs/deserialize_fstree.c
parent7c028e224978e1d5a4f207cc42b9eb58d81897dd (diff)
Do bounds checking in metadata reader
In all cases where metadata blocks are read, we can roughly (in some cases even preciesly) say in what range those metadata blocks will be, so it makes sense to throw an error if an attempt is made to wander outside this range. Furthermore, when reading from an uncompressed block, it is more reasonable to check against the actual block bounds than to padd it with 0 bytes. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'lib/sqfs/deserialize_fstree.c')
-rw-r--r--lib/sqfs/deserialize_fstree.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/sqfs/deserialize_fstree.c b/lib/sqfs/deserialize_fstree.c
index 050a1df..11670e1 100644
--- a/lib/sqfs/deserialize_fstree.c
+++ b/lib/sqfs/deserialize_fstree.c
@@ -201,19 +201,26 @@ static int fill_dir(meta_reader_t *ir, meta_reader_t *dr, tree_node_t *root,
int deserialize_fstree(fstree_t *out, sqfs_super_t *super, compressor_t *cmp,
int fd, int flags)
{
+ uint64_t block_start, limit;
sqfs_inode_generic_t *root;
meta_reader_t *ir, *dr;
- uint64_t block_start;
xattr_reader_t *xr;
id_table_t idtbl;
int status = -1;
size_t offset;
- ir = meta_reader_create(fd, cmp);
+ ir = meta_reader_create(fd, cmp, super->inode_table_start,
+ super->directory_table_start);
if (ir == NULL)
return -1;
- dr = meta_reader_create(fd, cmp);
+ limit = super->id_table_start;
+ if (super->export_table_start < limit)
+ limit = super->export_table_start;
+ if (super->fragment_table_start < limit)
+ limit = super->fragment_table_start;
+
+ dr = meta_reader_create(fd, cmp, super->directory_table_start, limit);
if (dr == NULL)
goto out_ir;