Add root directory entry check.
ClosedPublic
Actions

Authored by fsu on Feb 11 2023, 7:39 AM.

Details

Reviewers

Commits

rG366da717deda: Add root directory entry check.

Summary

Add check that directory entry with ino=EXT2_ROOTINO have correct namelength and name. It is possible to create malicious image which will cause panic if root directory entry have incorrect name.

Fix: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259068

Test Plan

ext2fs does not panic on malicious image from 259068

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

fsu created this revision.Feb 11 2023, 7:39 AM

Herald added a subscriber: imp. · View Herald TranscriptFeb 11 2023, 7:39 AM

fsu requested review of this revision.Feb 11 2023, 7:39 AM

I think this is the first time I have seen a char string return value. Can we keep the same coding style as in ext2_check_direntry() ?
That is .. assigning error_msg within the function instead of returning it.

gbe added a subscriber: gbe.Feb 12 2023, 3:57 PM

Ok, let's remove ext2_check_root_direntry() completely.

LGTM

This revision is now accepted and ready to land.Feb 18 2023, 7:02 PM

Closed by commit rG366da717deda: Add root directory entry check. (authored by fsu). · Explain WhyMar 18 2023, 6:17 AM

This revision was automatically updated to reflect the committed changes.

fsu added a commit: rG366da717deda: Add root directory entry check..