Hi Richard,

rich...@nod.at wrote on Fri,  2 Aug 2024 18:36:47 +0200:

> The squashfs driver blindly follows symlinks, and calls sqfs_size()
> recursively. So an attacker can create a crafted filesystem and with
> a deep enough nesting level a stack overflow can be achieved.
> 
> Fix by limiting the nesting level to 8.
> 
> Signed-off-by: Richard Weinberger <rich...@nod.at>

Reviewed-by: Miquel Raynal <miquel.ray...@bootlin.com>

Thanks,
Miquèl

Reply via email to