Re: [PATCH v2 1/5] fs/iso9660: Add check to prevent infinite loop
From: Thomas Schmitt
Subject: Re: [PATCH v2 1/5] fs/iso9660: Add check to prevent infinite loop
Date: Wed, 18 Jan 2023 17:07:34 +0100
Hi,
On Wed, 18 Jan 2023 08:23:54 +0000 Lidong Chen <lidong.chen@oracle.com> wrote:
> There is no check for the end of block when reading
> directory extents. It resulted in read_node() always
> reading from the same offset in the while loop, thus
> causing an infinite loop. The fix added a check for the
> end of the block and ensures the read is within the directory
> boundary.
>
> Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
> Reviewed-by: Thomas Schmitt <scdbackup@gmx.net>
> ---
> grub-core/fs/iso9660.c | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
>
> diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
> index 91817ec1f..4f4cd6165 100644
> --- a/grub-core/fs/iso9660.c
> +++ b/grub-core/fs/iso9660.c
> @@ -795,6 +795,15 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
> while (dirent.flags & FLAG_MORE_EXTENTS)
> {
> offset += dirent.len;
> +
> + /* offset should within the dir's len. */
> + if (offset > len)
> + {
> + if (ctx.filename_alloc)
> + grub_free (ctx.filename);
> + return 0;
> + }
> +
> if (read_node (dir, offset, sizeof (dirent), (char *) &dirent))
> {
> if (ctx.filename_alloc)
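Review bot: The new early return under `if (offset > len)` frees ctx.filename but not node, while the read_node() failure path directly below it ends with `grub_free (node); return 0;` (visible at the top of the next hunk). Unless node is released elsewhere on this path, add grub_free (node) here too. The test also lets offset == len through, so read_node() is still asked for sizeof (dirent) bytes starting at the very end of the directory; either compare offset + sizeof (dirent) against len or say in the comment that read_node() is relied on to reject that case. The comment itself should read "offset should be within the dir's len".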
> @@ -802,6 +811,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
> grub_free (node);
> return 0;
> }
> +
> + /*
> + * It is either the end of block or zero-padded sector,
> + * skip to the next block.
> + */
> + if (!dirent.len)
> + {
> + offset = (offset / GRUB_ISO9660_BLKSZ + 1) * GRUB_ISO9660_BLKSZ;
> + dirent.flags |= FLAG_MORE_EXTENTS;
> + continue;
> + }
> +
> if (node->have_dirents >= node->alloc_dirents)
> {
> struct grub_fshelp_node *new_node;
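Review bot: Termination of the `if (!dirent.len)` branch is not evident from this hunk alone: after `continue` the loop adds a zero dirent.len to offset, so the only thing that stops a directory padded with zeros to its end is the `offset > len` test added in the previous hunk. State that dependency in the block comment, and explain there why `dirent.flags |= FLAG_MORE_EXTENTS` is forced on a record that was just read as padding, since modifying the freshly read flags looks like a mistake to anyone reading the loop without this patch's context.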
> --
> 2.35.1
Reviewed-by: Thomas Schmitt <scdbackup@gmx.net>
(I'm not sure whether it is appropriate to add another Reviewed-by after it
was already given and only a minor cosmetic change was made to the patch.
If this is not ok, then please give me a note.)
Have a nice day :)
Thomas
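
Added example, not part of the patch or of GRUB's source: a stand-alone C model of the extent loop with both checks from the patch applied, run over a constructed two-block directory. The names rec, read_rec, walk_extents and demo are hypothetical, and the two-byte record is a simplification of the real directory record. Without the zero-length branch, `off += r.len` adds 0 and the same offset is read forever.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLKSZ 2048u             /* ISO 9660 block size, as GRUB_ISO9660_BLKSZ */
#define FLAG_MORE_EXTENTS 0x80  /* multi-extent bit of the file flags byte */

/* Assumption: only the two fields the loop looks at. */
struct rec { uint8_t len; uint8_t flags; };

/* Bounded stand-in for read_node(); nonzero means the read failed. */
static int read_rec(const uint8_t *dir, size_t dir_len, size_t off, struct rec *r)
{
  if (off > dir_len || dir_len - off < sizeof(*r)) return 1;
  memcpy(r, dir + off, sizeof(*r));
  return 0;
}

/* Follow the extents chained to the record at off. Returns the number of
   further extents found, or -1 if the chain leaves the directory. */
int walk_extents(const uint8_t *dir, size_t dir_len, size_t off)
{
  struct rec r;
  int n = 0;
  if (read_rec(dir, dir_len, off, &r)) return -1;
  while (r.flags & FLAG_MORE_EXTENTS)
    {
      off += r.len;
      if (off > dir_len) return -1;        /* first hunk: stay in the dir */
      if (read_rec(dir, dir_len, off, &r)) return -1;
      if (!r.len)                          /* second hunk: zero padding */
        {
          off = (off / BLKSZ + 1) * BLKSZ; /* jump to the next block start */
          r.flags |= FLAG_MORE_EXTENTS;    /* keep the loop going */
          continue;
        }
      n++;
    }
  return n;
}

/* Constructed sample: a 40-byte record with the multi-extent bit at offset 0,
   zero padding up to block 1, and a final extent there unless truncated. */
int demo(int truncated)
{
  static uint8_t dir[2 * BLKSZ];
  memset(dir, 0, sizeof(dir));
  dir[0] = 40; dir[1] = FLAG_MORE_EXTENTS;
  if (!truncated) dir[BLKSZ] = 40;
  return walk_extents(dir, sizeof(dir), 0);
}
```

In the truncated case the skip reaches off == dir_len, which the `off > dir_len` test alone lets through; the walk ends only because read_rec() refuses a read that would start at the end of the directory.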