diff options
| author | Eric Biggers <[email protected]> | 2023-03-27 21:15:05 -0700 |
|---|---|---|
| committer | Eric Biggers <[email protected]> | 2023-04-11 19:23:23 -0700 |
| commit | 39049b69ec9fc125fa1f314165dcc86f72cb72ec (patch) | |
| tree | f7551132981d66deaf709634edee1fd69c4c3147 /drivers/usb/cdns3/cdns3-debug.h | |
| parent | 8eb8af4b3df5965dc65a24a32768043f39d82d59 (diff) | |
fsverity: explicitly check for buffer overflow in build_merkle_tree()
The new Merkle tree construction algorithm is a bit fragile in that it
may overflow the 'root_hash' array if the tree actually generated does
not match the calculated tree parameters.
This should never happen unless there is a filesystem bug that allows
the file size to change despite deny_write_access(), or a bug in the
Merkle tree logic itself. Regardless, it's fairly easy to check for
buffer overflow here, so let's do so.
This is a robustness improvement only; this case is not currently known
to be reachable. I've added a Fixes tag anyway, since I recommend that
this be included in kernels that have the mentioned commit.
Fixes: 56124d6c87fd ("fsverity: support enabling with tree block size < PAGE_SIZE")
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Eric Biggers <[email protected]>
Diffstat (limited to 'drivers/usb/cdns3/cdns3-debug.h')
0 files changed, 0 insertions, 0 deletions