From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Mingye Wang, Jan Kara
Subject: [PATCH 4.16 180/196] udf: Fix leak of UTF-16 surrogates into encoded strings
Date: Sun, 22 Apr 2018 15:53:20 +0200
Message-Id: <20180422135113.563364509@linuxfoundation.org>
In-Reply-To: <20180422135104.278511750@linuxfoundation.org>

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: Jan Kara

commit 44f06ba8297c7e9dfd0e49b40cbe119113cca094 upstream.

OSTA UDF specification does not mention whether the CS0 charset in case of two bytes per character encoding should be treated in UTF-16 or UCS-2. The sample code in the standard does not treat UTF-16 surrogates in any special way but on systems such as Windows which work in UTF-16 internally, filenames would be treated as being in UTF-16 effectively. In Linux it is more difficult to handle characters outside of Base Multilingual plane (beyond 0xffff) as NLS framework works with 2-byte characters only. Just make sure we don't leak UTF-16 surrogates into the resulting string when loading names from the filesystem for now.

CC: stable@vger.kernel.org # >= v4.6
Reported-by: Mingye Wang
Signed-off-by: Jan Kara
Signed-off-by: Greg Kroah-Hartman
---
fs/udf/unicode.c | 6 ++++++
1 file changed, 6 insertions(+)

--- a/fs/udf/unicode.c +++ b/fs/udf/unicode.c @@ -28,6 +28,9 @@ #include "udf_sb.h" +#define SURROGATE_MASK 0xfffff800 +#define SURROGATE_PAIR 0x0000d800 + static int udf_uni2char_utf8(wchar_t uni, unsigned char *out, int boundlen) @@ -37,6 +40,9 @@ static int udf_uni2char_utf8(wchar_t uni if (boundlen <= 0) return -ENAMETOOLONG; + if ((uni & SURROGATE_MASK) == SURROGATE_PAIR) + return -EINVAL; + if (uni < 0x80) { out[u_len++] = (unsigned char)uni; } else if (uni < 0x800) {
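
Review bot: In the first hunk, the name SURROGATE_PAIR is misleading and both new macros are undocumented. With SURROGATE_MASK 0xfffff800, the comparison against 0x0000d800 matches any single code unit in the range 0xd800-0xdfff, whether a high or a low surrogate, so nothing here identifies a pair. A name that describes the range base, plus a one-line comment giving the range the mask and value select, would make the intent clear. The mask is also written as a 32-bit constant while the commit message says the NLS framework works with 2-byte characters only; a short comment on why the upper bits are included would avoid a reader wondering whether uni can ever exceed 0xffff at this point.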
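
Review bot: In the second hunk, the new "return -EINVAL;" in udf_uni2char_utf8() needs a comment stating that every surrogate code unit is rejected, including the halves of a well-formed pair, so names containing characters beyond 0xffff cannot be converted at all. The commit message calls this a "for now" measure, and that belongs next to the check so a later reader does not mistake it for validation of malformed input only. How the caller treats -EINVAL is not visible in these lines; it would help to confirm in the changelog whether the name is skipped, truncated, or gets a substitute character. Also note the check sits after the boundlen test, so a surrogate with boundlen <= 0 still reports -ENAMETOOLONG rather than -EINVAL; if the caller distinguishes the two, the order matters.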