drivers/cdrom/cdrom.c: relax check on dvd manufacturer value
Andrew Morton [Tue, 2 Aug 2011 10:43:50 +0000 (12:43 +0200)]
The report has an ISO which has a very long manufacturer ID.  It seems
that Linux is wrong, not the ISO maker.

Relax the check for the length of this field: emit a warning and truncate
the incoming data to 2048 bytes rather than rejecting the entire thing.

dvd_manufact.value isn't null-terminated.  I'm not even sure if it's a
string.  The kernel doesn't apepar to use it anyway.

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=39062

Reported-by: <ale.goujon@gmail.com>
Tested-by: <ale.goujon@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>

drivers/cdrom/cdrom.c

index 75fb965..f997c27 100644 (file)
@@ -1929,11 +1929,17 @@ static int dvd_read_manufact(struct cdrom_device_info *cdi, dvd_struct *s,
                goto out;
 
        s->manufact.len = buf[0] << 8 | buf[1];
-       if (s->manufact.len < 0 || s->manufact.len > 2048) {
+       if (s->manufact.len < 0) {
                cdinfo(CD_WARNING, "Received invalid manufacture info length"
                                   " (%d)\n", s->manufact.len);
                ret = -EIO;
        } else {
+               if (s->manufact.len > 2048) {
+                       cdinfo(CD_WARNING, "Received invalid manufacture info "
+                                       "length (%d): truncating to 2048\n",
+                                       s->manufact.len);
+                       s->manufact.len = 2048;
+               }
                memcpy(s->manufact.value, &buf[4], s->manufact.len);
        }