You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 lines
1.8 KiB
48 lines
1.8 KiB
2 months ago
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Lidong Chen <lidong.chen@oracle.com>
|
||
|
Date: Thu, 28 Sep 2023 22:33:44 +0000
|
||
|
Subject: [PATCH] fs/xfs: Incorrect short form directory data boundary check
|
||
|
|
||
|
After parsing of the current entry, the entry pointer is advanced
|
||
|
to the next entry at the end of the "for" loop. In case where the
|
||
|
last entry is at the end of the data boundary, the advanced entry
|
||
|
pointer can point off the data boundary. The subsequent boundary
|
||
|
check for the advanced entry pointer can cause a failure.
|
||
|
|
||
|
The fix is to include the boundary check into the "for" loop
|
||
|
condition.
|
||
|
|
||
|
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
|
||
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||
|
Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
||
|
Tested-by: Marta Lewandowska <mlewando@redhat.com>
|
||
|
---
|
||
|
grub-core/fs/xfs.c | 7 ++-----
|
||
|
1 file changed, 2 insertions(+), 5 deletions(-)
|
||
|
|
||
|
diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
|
||
|
index b91cd32b49ab..ebf962793fa7 100644
|
||
|
--- a/grub-core/fs/xfs.c
|
||
|
+++ b/grub-core/fs/xfs.c
|
||
|
@@ -810,7 +810,8 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
||
|
if (iterate_dir_call_hook (parent, "..", &ctx))
|
||
|
return 1;
|
||
|
|
||
|
- for (i = 0; i < head->count; i++)
|
||
|
+ for (i = 0; i < head->count &&
|
||
|
+ (grub_uint8_t *) de < ((grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data)); i++)
|
||
|
{
|
||
|
grub_uint64_t ino;
|
||
|
grub_uint8_t *inopos = grub_xfs_inline_de_inopos(dir->data, de);
|
||
|
@@ -845,10 +846,6 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
|
||
|
de->name[de->len] = c;
|
||
|
|
||
|
de = grub_xfs_inline_next_de(dir->data, head, de);
|
||
|
-
|
||
|
- if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
|
||
|
- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
|
||
|
-
|
||
|
}
|
||
|
break;
|
||
|
}
|