From: "Thomas Schmitt"
To: grub-devel@gnu.org
Cc: lidong.chen@oracle.com, fengtao40@huawei.com, yanan@huawei.com, daniel.kiper@oracle.com, lichenca2005@gmail.com
Subject: Re: [PATCH v2 0/5] fs/iso9660: Fix out-of-bounds read
Date: Thu, 19 Jan 2023 12:58:30 +0100

Hi,

i wrote:
> > libisofs and xorriso are in the process of getting an adjustable curb to
> > prevent the production of ISO filesystems with files which would not show
> > up in Linux. I decided for 100,000 hops as hard limit but set the default
> > to 31.

Lidong Chen wrote:
> I am not sure I understand the hard limit vs the default in terms of
> checking the number of hops.

xorriso produces and reads ISO 9660 filesystems.

At production time, the limit will be adjustable. The default will be 31
to prevent files which don't show up when the filesystem is mounted by
Linux. The maximum adjustable limit at production time will be 100,000.

At read time, e.g. for extracting files or for adding another session to
the ISO, the limit will be 100,000.

> Since the limit of CE hops has been decided,

I meanwhile deem the proposed 1 million allowed hops quite high.
An opinion by experienced GRUB developers would be helpful.

> if the previous proposed fix still stands, I can create a patch for it.

The fix by hop counting is the right thing to do.

> The tough part for me is the testing.

You can use for testing

  http://scdbackup.webframe.org/ce_loop.iso.gz
  SHA256: d86b73b0cc260968f50c30a5207b798f5fc2396233aee5eb3cedf9cef069f3c2

and

  http://scdbackup.webframe.org/ce_loop2.iso.gz
  SHA256: a6bde0c1562de8959d783bca0a79ad750da2bc129bdea2362b4a7c3e83426b2c

ce_loop.iso currently causes no endless loop in grub-fstest, because the
CE entry at the start of the (bad) continuation area is ignored, against
the prescriptions of SUSP. It will cause an endless loop after patch 5/5
is applied and the self-pointing CE entry is not ignored any more by
mistake.

  ./grub-fstest ce_loop.iso ls /

ce_loop2.iso already now causes an endless loop with

  ./grub-fstest ce_loop2.iso ls /

Both endless loops should be detected and cause a GRUB error when the
CE hop counter and loop breaker is in effect.

(I can meanwhile provide ISOs which have 32+ CE hops without loop, i.e.
righteously storing 64+ KiB of data in the chain of SUSP entries of a
file. But that's mainly interesting for testing Linux, not for GRUB.)

Have a nice day :)

Thomas
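
Added example, not part of the message above and not GRUB or libisofs code: a small C model of the CE hop counter and loop breaker under discussion, run against constructed in-memory images. It assumes each continuation area holds at most one CE entry at its start and reads only the little-endian half of the block field; walk_ce_chain, run_case and put_ce are hypothetical names, and the limit of 31 is the xorriso default mentioned in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added example; names are hypothetical, images are constructed. */
#define BLK    2048u        /* ISO 9660 logical block size */
#define CE_LEN 28u          /* SUSP CE entry: "CE", len, version, 3 both-endian fields */
#define NONE   0xffffffffu  /* constructed marker: block carries no CE entry */
#define MAXBLK 8u

/* Little-endian half of a both-byte-order 32-bit field. */
static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Write a CE entry at the start of block `at` that points to block `next`. */
static void put_ce(uint8_t *img, uint32_t at, uint32_t next) {
    uint8_t *e = img + (size_t)at * BLK;
    memcpy(e, "CE", 2); e[2] = CE_LEN; e[3] = 1;
    for (int i = 0; i < 4; i++) e[4 + i] = (uint8_t)(next >> (8 * i));
    e[21] = BLK >> 8;       /* continuation length = 2048, offset stays 0 */
}

/* Returns hops taken, -1 if max_hops is exceeded (loop or overlong chain),
   -2 if a CE entry points outside the image. */
int walk_ce_chain(const uint8_t *img, uint32_t nblocks, uint32_t start, unsigned max_hops) {
    uint32_t blk = start;
    for (unsigned hops = 0; ; hops++) {
        if (blk >= nblocks) return -2;
        const uint8_t *e = img + (size_t)blk * BLK;
        if (memcmp(e, "CE", 2) != 0 || e[2] != CE_LEN) return (int)hops;
        if (hops == max_hops) return -1;
        blk = le32(e + 4);
    }
}

/* Build a constructed n-block image where block i chains to next[i], then walk it. */
int run_case(const uint32_t *next, uint32_t n, unsigned max_hops) {
    static uint8_t img[MAXBLK * BLK];
    if (n > MAXBLK) return -2;
    memset(img, 0, sizeof img);
    for (uint32_t i = 0; i < n; i++)
        if (next[i] != NONE) put_ce(img, i, next[i]);
    return walk_ce_chain(img, n, 0, max_hops);
}

int main(void) {
    const uint32_t chain[] = {1, 2, NONE}, self[] = {0}, pair[] = {1, 0};
    printf("%d %d %d\n", run_case(chain, 3, 31), run_case(self, 1, 31), run_case(pair, 2, 31));
    return 0;
}
```

A counter bounds both a self-pointing entry and a longer cycle without tracking visited blocks, at the cost of also rejecting loop-free chains longer than the chosen limit.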