[PATCH 0/5] [SRU][B/master] squashfs hardening
Paolo Pisati
paolo.pisati at canonical.com
Tue Feb 19 14:23:24 UTC 2019
"There are a number of squashfs hardening fixes. They don't have CVE number
assigned but it would be good to backport the fixes to harden our kernel against
malicious squashfs images. Snaps are simply squashfs images so an attacker could
craft a malicious snap and attack the kernel of end users that install their
crafted snaps."
All clean cherry-picks from upstream.
Linus Torvalds (4):
  squashfs: be more careful about metadata corruption
  squashfs: more metadata hardening
  squashfs metadata 2: electric boogaloo
  squashfs: more metadata hardening

Phillip Lougher (1):
  Squashfs: Compute expected length from inode size rather than block
    length

fs/squashfs/block.c | 2 ++
fs/squashfs/cache.c | 3 +++
fs/squashfs/file.c | 58 ++++++++++++++++++++++++++------------------
fs/squashfs/file_cache.c | 4 +--
fs/squashfs/file_direct.c | 24 +++++++++---------
fs/squashfs/fragment.c | 17 +++++++------
fs/squashfs/squashfs.h | 3 ++-
fs/squashfs/squashfs_fs.h | 6 +++++
fs/squashfs/squashfs_fs_sb.h | 1 +
fs/squashfs/super.c | 5 ++--
10 files changed, 75 insertions(+), 48 deletions(-)
--
2.7.4