git: a4bea5c479d8 - stable/13 - Fix a bug in fsck_ffs(8) triggered by corrupted filesystems.
Date: Wed, 07 Jun 2023 23:15:40 UTC
The branch stable/13 has been updated by mckusick:
URL: https://cgit.FreeBSD.org/src/commit/?id=a4bea5c479d84d5fb10c6d78abce504253fe8e1d
commit a4bea5c479d84d5fb10c6d78abce504253fe8e1d
Author: Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-29 21:58:20 +0000
Commit: Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-06-07 22:56:12 +0000
Fix a bug in fsck_ffs(8) triggered by corrupted filesystems.
Reported-by: Robert Morris
PR: 271414
Sponsored-by: The FreeBSD Foundation
(cherry picked from commit 6a71277c3037df2c3a70464c2e2bf20dec2c128a)
---
 sbin/fsck_ffs/suj.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/sbin/fsck_ffs/suj.c b/sbin/fsck_ffs/suj.c
index 5a09943406c8..d1b6d8530ce6 100644
--- a/sbin/fsck_ffs/suj.c
+++ b/sbin/fsck_ffs/suj.c
@@ -2375,7 +2375,7 @@ suj_check(const char *filesys)
 {
 struct inodesc idesc;
 struct csum *cgsum;
- union dinode *jip;
+ union dinode *dp, *jip;
 struct inode ip;
 uint64_t blocks;
 int i, retval;
@@ -2417,7 +2417,17 @@ suj_check(const char *filesys)
 idesc.id_func = findino;
 idesc.id_name = SUJ_FILE;
 ginode(UFS_ROOTINO, &ip);
- if ((ckinode(ip.i_dp, &idesc) & FOUND) == FOUND) {
+ dp = ip.i_dp;
+ if ((DIP(dp, di_mode) & IFMT) != IFDIR) {
+ irelse(&ip);
+ err_suj("root inode is not a directory\n");
+ }
+ if (DIP(dp, di_size) < 0 || DIP(dp, di_size) > MAXDIRSIZE) {
+ irelse(&ip);
+ err_suj("negative or oversized root directory %jd\n",
+ (uintmax_t)DIP(dp, di_size));
+ }
+ if ((ckinode(dp, &idesc) & FOUND) == FOUND) {
 sujino = idesc.id_parent;
 irelse(&ip);
 } else {
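Review bot: In the second hunk's size check, `DIP(dp, di_size)` is evaluated as an argument to `err_suj()` after `irelse(&ip)` has already released the inode that `dp` points into. What `irelse()` does to the underlying buffer is not visible here, so copying the size into a local before the release would keep the error path from depending on it. The same call pairs `%jd` with a `(uintmax_t)` cast; `%jd` takes an `intmax_t`, so the argument should be `(intmax_t)DIP(dp, di_size)` (or the format should be `%ju`). If `di_size` is an unsigned field, which this hunk does not show, the `< 0` test can never fire and the "negative" case in the message is unreachable. `suj_check()` begins and ends outside both hunks.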