From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1p66TT-0001xp-8a for mharc-grub-devel@gnu.org; Fri, 16 Dec 2022 03:53:47 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p66TS-0001wI-9U for grub-devel@gnu.org; Fri, 16 Dec 2022 03:53:46 -0500 Received: from mout.gmx.net ([212.227.17.20]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p66TQ-0005F6-Jx for grub-devel@gnu.org; Fri, 16 Dec 2022 03:53:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1671180801; bh=N9uBKDDTNhokTOtKSZQDCGRwbF6JRK5QqhtPo16G6i4=; h=X-UI-Sender-Class:Date:From:To:Subject:Cc:References:In-Reply-To; b=bWunCSc1VJZFBpd04iJpgBv7+3OcO6QNB2gy9vjQJbV7wHQz1RtuzCH4/djV452q7 tQmF9zlfqK0VAoB27Ifk5JBofG+1+eGy86Lizbmb32J/vUjJFdR9UkLjKr47u8SY2j EStp8oPJ0g47F8lKUxHlAzy5hgldFDxHQOIa/4QgarslAEGFDX35ASC5aTGeChjnv6 d7gVuOwvYuU2IFhS9RwtgI4t6JYi5uwBfwd9yXh9DTu4zzyqTYNeo2d3gz2YNQCYI5 TFdHnQrS//wnvgAsuwgzS/nLonGd2+i2D1whLKCHygj5W57mlDHkFT3iSRer1tI89h D3SRLSsv4Dvmw== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from scdbackup.webframe.org ([84.179.236.73]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N9MpY-1orxqP1C7Q-015GBu; Fri, 16 Dec 2022 09:53:21 +0100 Date: Fri, 16 Dec 2022 09:54:05 +0100 From: "Thomas Schmitt" To: grub-devel@gnu.org Subject: Re: [PATCH 2/4] fs/iso9660: Prevent read past the end of system use area Content-Type: text/plain; charset="utf-8" Cc: lidong.chen@oracle.com, fengtao40@huawei.com, yanan@huawei.com, daniel.kiper@oracle.com, lichenca2005@gmail.com References: <307c2d0fba1b8fb12c0724425b8037d20b7aed06.1671042887.git.lidong.chen@oracle.com> In-Reply-To: <307c2d0fba1b8fb12c0724425b8037d20b7aed06.1671042887.git.lidong.chen@oracle.com> Message-Id: <22201389617937792494@scdbackup.webframe.org> X-Provags-ID: V03:K1:XnGT/r8OVbKuf5zLuLj2yno4w6dm1cQLff2BQyOFry7JQl47nrJ jtENq/skWRE12jPRBKbCT7uLxTYg6DwXKfp3is5uU75WrC8JF+2JqmErvpu/d5FZ2/41EKb WpZdPaUGNVwip/6Ql9pk8syK0uSPa+Et0faqaZ429Xu1BquSW+jxE5yn9z5z7HC/PWdYTM7 iOBy+5VsqVq/Abvt2hLRA== UI-OutboundReport: notjunk:1;M01:P0:G/Nt2hlgEHU=;hubNzL1BYFgqxlIFSqXULwyMgEK bzf3WiOXLlNjSItFdeoM7JOdiqdkkLPMOq8nXcDDX3mOPGZyh8wgm51p8YWx1kRf6YffuptkL wWEHfBi+ryikVAIYFZLCDVkCMdckz2SJ+gMq2k41durE7aaHv/kvIdQKH+xDiGk6jMTY1o9As 2PC1hdpUeMA3Cy/g2ta5GA8uFxjkBRJH4dF63DWb7JVc2e316l+4eCrsJ83ukzSWT5skSsyi9 +xGjMWsWKkV8qOdMzXhvUBRaJT9dVZhfTcYYaUVCeqvW/XnocvrT0MdMFLHViC/qtfOtSjT1u 8pi6Ddbu0wZhCaAy4kPLC1xgiiRj4+0eKqJH61CaTU0ZlGZd6MgFhDeGLjOXvW8vFFm91Sfwp VnaV7NFhuRxo5wo0Y8/uz9g9YN/HIn2zjzt+mf12t30lR3Bue8SJ4XFrNDbDBMVCB+BWQ3nF1 tp2AhRaS9JATUEn4m21M1EGDfyABT8WB9OGz5fWpfZnPeRk+PLUz8nAbAW+JWejWAj/PKWkYF K/WH7zG/cqCmpJe9MRZQ/qNzf1PCnS8VIS8F2bQ0LVvpxZvV8xJKS7P7fVpPj7CHhTVXZwKEO 79QUjNOW8OClHYvYzLbHmf+W4TnhQAcRUQDkZ6Vn3iRrW7Mfk0VHmq/nwCfhon5HRMp/IGtv/ ZBBFQJdyvC8hdrDiD+MNeV7GyD4wxw61KpzPgOzp0DpoyNWWdFIZF5sLC5TsUB8k1Ox5CT1YQ +cP9JzrejObyCTI2SHSYf6q8/YEfs4OBJaow0LRoBE0SPzW9lGGOAEFI2RL5mpgjVuWKhCkSv DbLCewSzsP778HFHukEFCiegSmm87UpQd85E6hk7+kpeslPmUfgohM/IsuM+u+rcoU+z7P03w KrVlwW1sR6+Ef1ImvXG2gLqu5CXDP5D9L9hdIQNsTqlhoLLgsAOf5q4CODbGf4ay9wswasIOd EULsvYr0Wl9nhH9P8CUDO5h1yHI= Received-SPF: pass client-ip=212.227.17.20; envelope-from=scdbackup@gmx.net; helo=mout.gmx.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Dec 2022 08:53:46 -0000 Hi, while preparing a proposal how to avoid skipping of CE (and ST) if they are found at the start of a continuation area, i came to a problem of patch [2/4] which i did not see when reviewing it yesterday: > + return grub_error (GRUB_ERR_BAD_FS, "invalid CE entry size"); It is not about the size of the CE entry but about the size of the continuation area which the CE entry announces. So i propose as error message "invalid continuation area size in CE entry" Have a nice day :) Thomas