From 8f542d9f0222302b44fca861031ccf09e78d9be5 Mon Sep 17 00:00:00 2001 From: renxudong Date: Sun, 11 Aug 2019 01:01:03 -0400 Subject: [PATCH 1/8] unsquashfs-Fix-one-off-error-in-name-length-check --- squashfs-tools/unsquash-1.c | 6 +++--- squashfs-tools/unsquash-3.c | 6 +++--- squashfs-tools/unsquash-4.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c index c2e7d38..6209243 100644 --- a/squashfs-tools/unsquash-1.c +++ b/squashfs-tools/unsquash-1.c @@ -2,7 +2,7 @@ * Unsquash a squashfs filesystem. This is a highly compressed read only * filesystem. * - * Copyright (c) 2009, 2010, 2011, 2012 + * Copyright (c) 2009, 2010, 2011, 2012, 2019 * Phillip Lougher * * This program is free software; you can redistribute it and/or @@ -278,8 +278,8 @@ struct dir *squashfs_opendir_1(unsigned int block_start, unsigned int offset, sizeof(*dire)); bytes += sizeof(*dire); - /* size should never be larger than SQUASHFS_NAME_LEN */ - if(dire->size > SQUASHFS_NAME_LEN) + /* size should never be SQUASHFS_NAME_LEN or larger */ + if(dire->size >= SQUASHFS_NAME_LEN) goto corrupted; memcpy(dire->name, directory_table + bytes, diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c index d5af57a..92e18c5 100644 --- a/squashfs-tools/unsquash-3.c +++ b/squashfs-tools/unsquash-3.c @@ -2,7 +2,7 @@ * Unsquash a squashfs filesystem. This is a highly compressed read only * filesystem. * - * Copyright (c) 2009, 2010, 2011, 2012, 2013 + * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019 * Phillip Lougher * * This program is free software; you can redistribute it and/or @@ -356,8 +356,8 @@ struct dir *squashfs_opendir_3(unsigned int block_start, unsigned int offset, sizeof(*dire)); bytes += sizeof(*dire); - /* size should never be larger than SQUASHFS_NAME_LEN */ - if(dire->size > SQUASHFS_NAME_LEN) + /* size should never be SQUASHFS_NAME_LEN or larger */ + if(dire->size >= SQUASHFS_NAME_LEN) goto corrupted; memcpy(dire->name, directory_table + bytes, diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c index 9414016..cf30ec1 100644 --- a/squashfs-tools/unsquash-4.c +++ b/squashfs-tools/unsquash-4.c @@ -2,7 +2,7 @@ * Unsquash a squashfs filesystem. This is a highly compressed read only * filesystem. * - * Copyright (c) 2009, 2010, 2011, 2012, 2013 + * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019 * Phillip Lougher * * This program is free software; you can redistribute it and/or @@ -319,8 +319,8 @@ struct dir *squashfs_opendir_4(unsigned int block_start, unsigned int offset, bytes += sizeof(*dire); - /* size should never be larger than SQUASHFS_NAME_LEN */ - if(dire->size > SQUASHFS_NAME_LEN) + /* size should never be SQUASHFS_NAME_LEN or larger */ + if(dire->size >= SQUASHFS_NAME_LEN) goto corrupted; memcpy(dire->name, directory_table + bytes, -- 1.8.3.1