git: 366da717deda - main - Add root directory entry check.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 18 Mar 2023 06:16:50 UTC
The branch main has been updated by fsu:
URL: https://cgit.FreeBSD.org/src/commit/?id=366da717deda3964ae369f1f2fbd62114d14c587
commit 366da717deda3964ae369f1f2fbd62114d14c587
Author: Fedor Uporov <fsu@FreeBSD.org>
AuthorDate: 2023-02-09 09:34:25 +0000
Commit: Fedor Uporov <fsu@FreeBSD.org>
CommitDate: 2023-03-18 06:16:22 +0000
Add root directory entry check.
Add check that directory entry with ino=EXT2_ROOTINO
have correct namelength and name. It is possible to
create malicious image which will cause panic if root
directory entry have incorrect name.
PR: 259068
Reported by: Robert Morris
Reviewed by: pfg
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D38502
---
sys/fs/ext2fs/ext2_lookup.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sys/fs/ext2fs/ext2_lookup.c b/sys/fs/ext2fs/ext2_lookup.c
index 67409a5e2a17..93a2d172e01f 100644
--- a/sys/fs/ext2fs/ext2_lookup.c
+++ b/sys/fs/ext2fs/ext2_lookup.c
@@ -818,6 +818,8 @@ ext2_dirbad(struct inode *ip, doff_t offset, char *how)
* record must be large enough to contain entry
* name is not longer than MAXNAMLEN
* name must be as long as advertised, and null terminated
+ * inode number less then inode count
+ * if root inode entry, it have correct name
*/
static int
ext2_check_direntry(struct vnode *dp, struct ext2fs_direct_2 *de,
@@ -836,6 +838,11 @@ ext2_check_direntry(struct vnode *dp, struct ext2fs_direct_2 *de,
error_msg = "directory entry across blocks";
else if (le32toh(de->e2d_ino) > fs->e2fs->e2fs_icount)
error_msg = "directory entry inode out of bounds";
+ else if (le32toh(de->e2d_ino) == EXT2_ROOTINO &&
+ ((de->e2d_namlen != 1 && de->e2d_namlen != 2) ||
+ (de->e2d_name[0] != '.') ||
+ (de->e2d_namlen == 2 && de->e2d_name[1] != '.')))
+ error_msg = "bad root directory entry";
if (error_msg != NULL) {
SDT_PROBE5(ext2fs, , trace, ext2_dirbadentry_error,