From: "Thomas Schmitt"
To: grub-devel@gnu.org
Cc: lidong.chen@oracle.com, fengtao40@huawei.com, yanan@huawei.com, daniel.kiper@oracle.com, lichenca2005@gmail.com, development@efficientek.com
Subject: Re: [PATCH v3 0/5] fs/iso9660: Fix out-of-bounds read
Date: Sat, 28 Jan 2023 09:19:25 +0100

Hi,

Glenn Washburn wrote:
> Why does only one suffice? It
> sounds like they test different code paths. Is it possible that there
> is a future code regression such that one iso succeeds and the other
> fails?

They follow different code paths before hunk 4 of patch 5 fixes the bug that CE and ST at the start of a continuation area are ignored:

@@ -331,6 +340,13 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node, g= rub_off_t off, return err; entry =3D (struct grub_iso9660_susp_entry *) sua; + /* + * The hook function will not process CE or ST. + * Advancing to the next entry would skip them. + */ + if (grub_strncmp ((char *) entry->sig, "CE", 2) =3D=3D 0 + || grub_strncmp ((char *) entry->sig, "ST", 2) =3D=3D 0) + continue; } if (hook (entry, hook_arg))

After this change, the first three hunks of patch 5 prevent the now common code path from being an endless loop.

So a behavioral difference of ce_loop.iso and ce_loop2.iso is to be expected only if the above patch hunk #4 gets reverted.

> Ok, so there should be no output on success then for both ce_loop and
> ce_loop2, correct? (for "grub-fstest ls /" )

Yes. Actually I would have expected an error message to be emitted. But somehow grub-fstest does not show the text from:

+ return grub_error (GRUB_ERR_BAD_FS, + "suspecting endless CE loop");

Have a nice day :)

Thomas
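
Review bot: the `continue` taken when the first entry of a freshly read continuation area is CE or ST has no bound visible in this hunk, so an area whose first entry is a CE pointing back at itself would keep re-entering the loop unless it is limited elsewhere. The message says the first three hunks of patch 5 provide that limit; the new comment should say so, so that the termination argument sits next to the `continue` and survives a later partial revert. It would also help to state in the comment that CE and ST are handled by the loop itself on the next pass, since "The hook function will not process CE or ST" explains why the hook is bypassed but not where those entries get handled instead.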
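
The two behaviours discussed in this message, processing a CE or ST that sits at the start of a continuation area and refusing an endless CE chain, shown as an added sketch that is not GRUB code and not part of the original message. The toy entry layout, `MAX_CE_HOPS`, `susp_walk` and the three constructed buffers are assumptions of the example; the buffers do not reproduce ce_loop.iso or ce_loop2.iso.

```c
#include <stddef.h>
#include <string.h>

#define MAX_CE_HOPS 8 /* assumed cap for this sketch, not GRUB's value */

/* Constructed toy layout: sig[2], len[1], and for "CE" one more byte giving
   the buffer offset of the continuation area. Real SUSP entries are larger. */
const unsigned char chain_img[32] = {
  'N', 'M', 4, 0,  'C', 'E', 4, 16,      /* area at 0: one entry, then CE -> 16 */
  [16] = 'C', 'E', 4, 24,                /* area at 16 starts with CE -> 24 */
  [24] = 'P', 'X', 4, 0,  'S', 'T', 3    /* area at 24: one entry, then ST */
};
const unsigned char self_loop_img[4] = { 'C', 'E', 4, 0 };
const unsigned char two_area_loop_img[12] = {
  'C', 'E', 4, 8,  [8] = 'C', 'E', 4, 0
};

static int sig_is (const unsigned char *e, const char *sig)
{
  return memcmp (e, sig, 2) == 0;
}

/* Returns the number of entries that would reach the hook,
   or -1 for a malformed entry or a suspected endless CE loop. */
int susp_walk (const unsigned char *buf, size_t size, size_t off)
{
  int hops = 0, seen = 0;

  while (off + 3 <= size)
    {
      const unsigned char *e = buf + off;

      if (sig_is (e, "ST"))
        return seen;
      if (sig_is (e, "CE"))
        {
          if (off + 4 > size || ++hops > MAX_CE_HOPS)
            return -1;
          off = e[3];
          continue; /* look at the new area's first entry before advancing */
        }
      if (e[2] < 3 || off + e[2] > size)
        return -1;
      seen++;
      off += e[2];
    }
  return -1; /* ran off the buffer without meeting ST */
}
```

Because every CE, including one found first in a new area, goes through the same hop counter, both looping buffers take the same path to the error return.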