| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 16:11:26 +0200
From: Lukas Czerner <lczerner@...hat.com>
To: Theodore Ts'o <tytso@....edu>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>,
Nils Bars <nils.bars@....de>,
Moritz Schlögel <moritz.schloegel@....de>,
Nico Schiller <nico.schiller@....de>
Subject: Re: [PATCH 6/7] libext2fs: check for cyclic loops in the extent tree
On Tue, Jun 07, 2022 at 12:24:43AM -0400, Theodore Ts'o wrote:
> In the extent tree handling code in libext2fs, when we go move down
> the extent tree, if a cyclic loop is detected, return an error.
Looks good.
Reviewed-by: Lukas Czerner <lczerner@...hat.com>
>
> Reported-by: Nils Bars <nils.bars@....de>
> Reported-by: Moritz Schlögel <moritz.schloegel@....de>
> Reported-by: Nico Schiller <nico.schiller@....de>
> Signed-off-by: Theodore Ts'o <tytso@....edu>
> ---
> lib/ext2fs/ext2_err.et.in | 3 +++
> lib/ext2fs/extent.c | 11 +++++++++--
> 2 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/lib/ext2fs/ext2_err.et.in b/lib/ext2fs/ext2_err.et.in
> index cf0e00ea..bb1dcf14 100644
> --- a/lib/ext2fs/ext2_err.et.in
> +++ b/lib/ext2fs/ext2_err.et.in
> @@ -551,4 +551,7 @@ ec EXT2_ET_NO_GDESC,
> ec EXT2_FILSYS_CORRUPTED,
> "The internal ext2_filsys data structure appears to be corrupted"
>
> +ec EXT2_ET_EXTENT_CYCLE,
> + "Found cyclic loop in extent tree"
> +
> end
> diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
> index 1a206a16..82e75ccd 100644
> --- a/lib/ext2fs/extent.c
> +++ b/lib/ext2fs/extent.c
> @@ -47,6 +47,7 @@ struct extent_path {
> int visit_num;
> int flags;
> blk64_t end_blk;
> + blk64_t blk;
> void *curr;
> };
>
> @@ -286,6 +287,7 @@ errcode_t ext2fs_extent_open2(ext2_filsys fs, ext2_ino_t ino,
> handle->path[0].end_blk =
> (EXT2_I_SIZE(handle->inode) + fs->blocksize - 1) >>
> EXT2_BLOCK_SIZE_BITS(fs->super);
> + handle->path[0].blk = 0;
> handle->path[0].visit_num = 1;
> handle->level = 0;
> handle->magic = EXT2_ET_MAGIC_EXTENT_HANDLE;
> @@ -305,14 +307,14 @@ errout:
> errcode_t ext2fs_extent_get(ext2_extent_handle_t handle,
> int flags, struct ext2fs_extent *extent)
> {
> - struct extent_path *path, *newpath;
> + struct extent_path *path, *newpath, *tp;
> struct ext3_extent_header *eh;
> struct ext3_extent_idx *ix = 0;
> struct ext3_extent *ex;
> errcode_t retval;
> blk64_t blk;
> blk64_t end_blk;
> - int orig_op, op;
> + int orig_op, op, l;
> int failed_csum = 0;
>
> EXT2_CHECK_MAGIC(handle, EXT2_ET_MAGIC_EXTENT_HANDLE);
> @@ -467,6 +469,11 @@ retry:
> }
> blk = ext2fs_le32_to_cpu(ix->ei_leaf) +
> ((__u64) ext2fs_le16_to_cpu(ix->ei_leaf_hi) << 32);
> + for (l = handle->level, tp = path; l > 0; l--, tp--) {
> + if (blk == tp->blk)
> + return EXT2_ET_EXTENT_CYCLE;
> + }
> + newpath->blk = blk;
> if ((handle->fs->flags & EXT2_FLAG_IMAGE_FILE) &&
> (handle->fs->io != handle->fs->image_io))
> memset(newpath->buf, 0, handle->fs->blocksize);
> --
> 2.31.0
>
Powered by blists - more mailing lists