linux.git - Linux kernel source tree

diff options

author	Michael Bommarito <michael.bommarito@gmail.com>	2026-04-13 17:12:40 -0400
committer	Jan Kara <jack@suse.cz>	2026-04-22 17:14:48 +0200
commit	55d41b0a20128e86b9e960dd2e3f0a2d69a18df7 (patch)
tree	b687dc269849fdd3f60c4ec478da746d13305836 /include/linux/workqueue_api.h
parent	cc85e337278001c325afecfbc9a739a3b1b205f2 (diff)

udf: reject descriptors with oversized CRC length

udf_read_tagged() skips CRC verification when descCRCLength + sizeof(struct tag) exceeds the block size. A crafted UDF image can set descCRCLength to an oversized value to bypass CRC validation entirely; the descriptor is then accepted based solely on the 8-bit tag checksum, which is trivially recomputable. Reject such descriptors instead of silently accepting them. A legitimate single-block descriptor should never have a CRC length that exceeds the block. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Assisted-by: Claude:claude-opus-4-6 Assisted-by: Codex:gpt-5-4 Signed-off-by: Michael Bommarito <michael.bommarito@gmail.com> Link: https://patch.msgid.link/20260413211240.853662-1-michael.bommarito@gmail.com Signed-off-by: Jan Kara <jack@suse.cz>

Diffstat (limited to 'include/linux/workqueue_api.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: