summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKirill Kuvaldin <kuvkir@epsmu.com>2007-07-31 00:38:58 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-31 15:39:41 -0700
commit817794e0df5fea495396c18878804044436832be (patch)
tree2560d16e6299eb8879fc821b2e5d36ee5631eb54
parent541510fc28b72eab37361e9e95f48746b4d3302b (diff)
downloadlinux-817794e0df5fea495396c18878804044436832be.tar.bz2
isofs: mounting to regular file may succeed
It turned out that mounting a corrupted ISO image to a regular file may succeed, e.g. if an image was prepared as follows: $ dd if=correct.iso of=bad.iso bs=4k count=8 We then can mount it to a regular file: # mount -o loop -t iso9660 bad.iso /tmp/file But mounting it to a directory fails with -ENOTDIR, simply because the root directory inode doesn't have S_IFDIR set and the condition in graft_tree() is met: if (S_ISDIR(nd->dentry->d_inode->i_mode) != S_ISDIR(mnt->mnt_root->d_inode->i_mode)) return -ENOTDIR This is because the root directory inode was read from an incorrect block. It's supposed to be read from sbi->s_firstdatazone, which is an absolute value and gets messed up in the case of an incorrect image. In order to somehow circumvent this we have to check that the root directory inode is actually a directory after all. Signed-off-by: Kirill Kuvaldin <kuvkir@epsmu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/isofs/inode.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
index 95c72aa81867..043b470fd3b6 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -846,6 +846,15 @@ root_found:
goto out_no_root;
if (!inode->i_op)
goto out_bad_root;
+
+ /* Make sure the root inode is a directory */
+ if (!S_ISDIR(inode->i_mode)) {
+ printk(KERN_WARNING
+ "isofs_fill_super: root inode is not a directory. "
+ "Corrupted media?\n");
+ goto out_iput;
+ }
+
/* get the root dentry */
s->s_root = d_alloc_root(inode);
if (!(s->s_root))