We read the size of the name from the disk, but a larger name than
expected would cause memory corruption.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
int len)
{
struct squashfs_sb_info *msblk = sb->s_fs_info;
- int i, size, length = 0, err;
+ int i, length = 0, err;
+ unsigned int size;
struct squashfs_dir_index *index;
char *str;
size = le32_to_cpu(index->size) + 1;
+ if (size > SQUASHFS_NAME_LEN) {
+ err = -EINVAL;
+ break;
+ }
err = squashfs_read_metadata(sb, index->name, &index_start,
&index_offset, size);