Gitweb: http://git.fedorahosted.org/git/?p=gfs2-utils.git;a=commitdiff;h=cf933671309... Commit: cf9336713097a5ba8487921bf5b8097462798dba Parent: eb5d132a99dda1facef6448d9b86fdee98dcf7fa Author: Andrew Price anprice@redhat.com AuthorDate: Mon Oct 13 16:39:34 2014 +0100 Committer: Andrew Price anprice@redhat.com CommitterDate: Mon Oct 13 16:39:34 2014 +0100
gfs2_edit: Add bounds checking for the journalN keyword
Spotted by coverity: "Using tainted variable "journal_num + 2" as an index to array "indirect->ii[0].dirent""
Signed-off-by: Andrew Price anprice@redhat.com --- gfs2/edit/journal.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/gfs2/edit/journal.c b/gfs2/edit/journal.c
index 81d7a90..a2aeb2c 100644
--- a/gfs2/edit/journal.c
+++ b/gfs2/edit/journal.c
@@ -41,6 +41,9 @@ uint64_t find_journal_block(const char *journal, uint64_t *j_size)
 char jbuf[sbd.bsize];
 journal_num = atoi(journal + 7);
+ if (journal_num < 0)
+ return 0;
+
 /* Figure out the block of the jindex file */
 if (sbd.gfs1)
 jindex_block = sbd1->sb_jindex_di.no_addr;
@@ -73,6 +76,8 @@ uint64_t find_journal_block(const char *journal, uint64_t *j_size)
 } else {
 struct gfs2_dinode jdi;
+ if (journal_num > indirect->ii[0].dirents - 2)
+ return 0;
 jblock = indirect->ii[0].dirent[journal_num + 2].block;
 j_bh = bread(&sbd, jblock);
 gfs2_dinode_in(&jdi, j_bh);/* parse dinode to struct */
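Review bot: In the first hunk the new `journal_num < 0` test depends on `atoi(journal + 7)`, which cannot report a bad parse: it returns 0 for a non-numeric suffix, so a keyword such as `journalX` silently selects journal 0, and its behaviour is undefined when the digits do not fit in an int, so an oversized number is not guaranteed to come out negative. Parsing with `strtol` and rejecting the input when no digits were consumed, trailing characters remain, `errno` is `ERANGE`, or the value falls outside 0..INT_MAX would hand the later index check a known-good value. Something like `v = strtol(journal + 7, &end, 10);` followed by `if (end == journal + 7 || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX) return 0;` is enough. The function starts above the hunk, so whether the caller already validates the suffix, or the length of `journal` before the `+ 7` offset, is not visible here.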
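Review bot: The guard added in the second hunk, `if (journal_num > indirect->ii[0].dirents - 2)`, lets `journal_num == dirents - 2` through, and the next line then reads `dirent[dirents]`, one entry past the last one counted, assuming `dirents` is the number of filled slots. If `dirents` is declared unsigned (its declaration is outside the diff), fewer than two entries makes `dirents - 2` wrap to a very large value and the check never rejects anything. Comparing without the subtraction covers both cases: `if ((uint64_t)journal_num + 2 >= indirect->ii[0].dirents) return 0;`. The `if` side of this `else` is outside the hunk, so it is worth confirming that the other branch does not index with `journal_num` unchecked.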