From: "Thomas Schmitt" <scdbackup@gmx.net>
To: grub-devel@gnu.org
Cc: lidong.chen@oracle.com, fengtao40@huawei.com, yanan@huawei.com,
daniel.kiper@oracle.com, lichenca2005@gmail.com,
development@efficientek.com
Subject: Re: [PATCH v3 0/5] fs/iso9660: Fix out-of-bounds read
Date: Sat, 28 Jan 2023 09:19:25 +0100
Message-ID: <22684393343409241196@scdbackup.webframe.org>
In-Reply-To: <20230127152442.7edf7af9@crass-HP-ZBook-15-G2>
Hi,
Glenn Washburn wrote:
> Why does only one suffice? It
> sounds like they test different code paths. Is it possible that there
> is a future code regression such that one iso succeeds and the other
> fails?
They follow different code paths before hunk 4 of patch 5 fixes the
bug that CE and ST at the start of a continuation area are ignored:
@@ -331,6 +340,13 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node, grub_off_t off,
return err;
entry = (struct grub_iso9660_susp_entry *) sua;
+ /*
+ * The hook function will not process CE or ST.
+ * Advancing to the next entry would skip them.
+ */
+ if (grub_strncmp ((char *) entry->sig, "CE", 2) == 0
+ || grub_strncmp ((char *) entry->sig, "ST", 2) == 0)
+ continue;
}
if (hook (entry, hook_arg))
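Review bot: the "continue" after the CE/ST check is meant to re-enter the loop with "entry" still at the first entry of the continuation area, so a continuation area that starts with a CE pointing back at itself would reach this line on every pass, and nothing in this hunk bounds that. The comment should state that termination depends on the CE loop guard added by the other hunks of this patch, so that this hunk is not backported or reverted separately from them. It is also worth confirming that the freshly read "sua" holds at least a full entry header before "entry->sig" is compared, since no length check is visible between the cast and the two grub_strncmp calls.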
After this change, the first three hunks of patch 5 prevent the
now common code path from being an endless loop.
So a behavioral difference between ce_loop.iso and ce_loop2.iso is to be
expected only if the above patch hunk #4 gets reverted.
> Ok, so there should be no output on success then for both ce_loop and
> ce_loop2, correct? (for "grub-fstest <iso> ls /" )
Yes. Actually I would have expected an error message to be emitted.
But somehow grub-fstest does not show the text from:
+ return grub_error (GRUB_ERR_BAD_FS,
+ "suspecting endless CE loop");
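Review bot: the message "suspecting endless CE loop" in this return gives no detail about what triggered it. grub_error takes a printf-style format, so a value such as the number of CE entries followed before giving up could be included, which would make a report from a malformed image easier to triage.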
Have a nice day :)
Thomas
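
The behaviour discussed in this message, as an added example that is not part of the original mail and is not GRUB's code: a simplified C model of a walker that re-examines the first entry of a continuation area (so a leading CE or ST is honoured) and bounds the number of CE hops. The entry layout, the one-byte CE payload, MAX_CE_HOPS and the sample areas are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values for this sketch; MAX_CE_HOPS is not GRUB's limit. */
enum { MAX_CE_HOPS = 100, WALK_BAD_FS = -1 };
struct area { const uint8_t *buf; size_t size; };

/* Simplified entry: sig[2], len, version, payload. A CE payload here is one
   byte, the index of the continuation area. Needs n_areas >= 1. */
int susp_walk(const struct area *areas, size_t n_areas)
{
    const struct area *a = &areas[0];
    size_t off = 0;
    int hops = 0, seen = 0;
    while (off + 4 <= a->size) {
        const uint8_t *e = a->buf + off;
        if (e[2] < 4 || off + e[2] > a->size)
            return WALK_BAD_FS;      /* malformed or overrunning entry */
        if (memcmp(e, "ST", 2) == 0)
            break;                   /* terminator, also honoured at offset 0 */
        if (memcmp(e, "CE", 2) == 0) {
            if (e[2] < 5 || (size_t) e[4] >= n_areas || ++hops > MAX_CE_HOPS)
                return WALK_BAD_FS;  /* bad target or suspected endless CE loop */
            a = &areas[e[4]];
            off = 0;
            continue;                /* first entry may itself be CE or ST */
        }
        seen++;                      /* stands in for the hook call */
        off += e[2];
    }
    return seen;
}

/* Constructed sample areas, not taken from ce_loop.iso or ce_loop2.iso. */
static const uint8_t a0[] = { 'N','M',5,1,'a', 'C','E',5,1,1 };
static const uint8_t a1[] = { 'C','E',5,1,2 };   /* CE first in its area */
static const uint8_t a2[] = { 'N','M',5,1,'b', 'S','T',4,1, 'N','M',5,1,'c' };
static const uint8_t st[] = { 'S','T',4,1, 'N','M',5,1,'d' };  /* ST first */
static const uint8_t self[] = { 'C','E',5,1,0 }; /* CE pointing at its own area */
static const struct area chain[] = { {a0, sizeof a0}, {a1, sizeof a1}, {a2, sizeof a2} };
static const struct area st_first[] = { {a0, sizeof a0}, {st, sizeof st} };
static const struct area loop[] = { {self, sizeof self} };

int main(void)
{
    printf("%d %d %d\n", susp_walk(chain, 3), susp_walk(st_first, 2), susp_walk(loop, 1));
    return 0;
}
```

Without the hop limit, the self-referencing area would never leave the while loop, because the continue re-reads the same CE entry each time.
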
Thread overview:
2023-01-20 19:39 [PATCH v3 0/5] fs/iso9660: Fix out-of-bounds read Lidong Chen
2023-01-20 19:39 ` [PATCH v3 1/5] fs/iso9660: Add check to prevent infinite loop Lidong Chen
2023-02-02 19:35 ` Daniel Kiper
2023-02-02 23:27 ` Lidong Chen
2023-01-20 19:39 ` [PATCH v3 2/5] fs/iso9660: Prevent read past the end of system use area Lidong Chen
2023-01-20 19:39 ` [PATCH v3 3/5] fs/iso9660: Avoid reading past the entry boundary Lidong Chen
2023-01-20 19:39 ` [PATCH v3 4/5] fs/iso9660: Incorrect check for " Lidong Chen
2023-01-20 19:39 ` [PATCH v3 5/5] fs/iso9660: Prevent skipping CE or ST at start of continuation area Lidong Chen
2023-01-21 12:59 ` Thomas Schmitt
2023-01-25 17:09 ` [PATCH v3 0/5] fs/iso9660: Fix out-of-bounds read Daniel Kiper
2023-01-25 20:24 ` Thomas Schmitt
2023-01-26 22:05 ` Glenn Washburn
2023-01-27 10:56 ` Thomas Schmitt
2023-01-27 21:24 ` Glenn Washburn
2023-01-28 8:19 ` Thomas Schmitt [this message]