drivers/cdrom/cdrom.c: relax check on dvd manufacturer value

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The report has an ISO which has a very long manufacturer ID. It seems
that Linux is wrong, not the ISO maker.

Relax the check for the length of this field: emit a warning and truncate
the incoming data to 2048 bytes rather than rejecting the entire thing.

dvd_manufact.value isn't null-terminated. I'm not even sure if it's a
string. The kernel doesn't apepar to use it anyway.

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=39062

Reported-by: <ale.goujon@gmail.com>
Tested-by: <ale.goujon@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

authored by

Andrew Morton and committed by

Jens Axboe 14 years ago aec9f377 ddad9ef5

+7 -1

1 changed file

expand all

drivers

cdrom

cdrom.c

+7 -1

drivers/cdrom/cdrom.c

··· 1929 1929 goto out; 1930 1930 1931 1931 s->manufact.len = buf[0] << 8 | buf[1]; 1932 - if (s->manufact.len < 0 || s->manufact.len > 2048) { 1932 + if (s->manufact.len < 0) { 1933 1933 cdinfo(CD_WARNING, "Received invalid manufacture info length" 1934 1934 " (%d)\n", s->manufact.len); 1935 1935 ret = -EIO; 1936 1936 } else { 1937 + if (s->manufact.len > 2048) { 1938 + cdinfo(CD_WARNING, "Received invalid manufacture info " 1939 + "length (%d): truncating to 2048\n", 1940 + s->manufact.len); 1941 + s->manufact.len = 2048; 1942 + } 1937 1943 memcpy(s->manufact.value, &buf[4], s->manufact.len); 1938 1944 } 1939 1945