Date: Sat, 21 Jan 2023 13:59:48 +0100
From: "Thomas Schmitt"
To: grub-devel@gnu.org
Subject: Re: [PATCH v3 5/5] fs/iso9660: Prevent skipping CE or ST at start of continuation area
Cc: lidong.chen@oracle.com, fengtao40@huawei.com, yanan@huawei.com, daniel.kiper@oracle.com, lichenca2005@gmail.com

Hi,

On Fri, 20 Jan 2023 19:39:42 +0000 Lidong Chen wrote:
> If processing of a SUSP CE entry leads to a continuation area which
> begins by entry CE or ST, then these entries were skipped without
> interpretation. In case of CE this would lead to premature end of
> processing the SUSP entries of the file. In case of ST this could
> cause following non-SUSP bytes to be interpreted as SUSP entries.
>
> Signed-off-by: Thomas Schmitt
> Tested-by: Lidong Chen
> --- > grub-core/fs/iso9660.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c > index ca45b3424..3ddb06ed4 100644 > --- a/grub-core/fs/iso9660.c > +++ b/grub-core/fs/iso9660.c > @@ -50,6 +50,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); > #define GRUB_ISO9660_VOLDESC_END 255 > > #define GRUB_ISO9660_SUSP_HEADER_SZ 4 > +#define GRUB_ISO9660_MAX_CE_HOPS 100000 > > /* The head of a volume descriptor. */ > struct grub_iso9660_voldesc > @@ -270,6 +271,7 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node, = grub_off_t off, > char *sua; > struct grub_iso9660_susp_entry *entry; > grub_err_t err; > + int ce_counter =3D 0; > > if (sua_size <=3D 0) > return GRUB_ERR_NONE; 
> @@ -304,6 +306,13 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node,= grub_off_t off, > struct grub_iso9660_susp_ce *ce; > grub_disk_addr_t ce_block; > > + if (++ce_counter > GRUB_ISO9660_MAX_CE_HOPS) > + { > + grub_free (sua); > + return grub_error (GRUB_ERR_BAD_FS, > + "suspecting endless CE loop"); > + } > + > ce =3D (struct grub_iso9660_susp_ce *) entry; > sua_size =3D grub_le_to_cpu32 (ce->len); > off =3D grub_le_to_cpu32 (ce->off); > @@ -331,6 +340,13 @@ grub_iso9660_susp_iterate (grub_fshelp_node_t node,= grub_off_t off, > return err; > > entry =3D (struct grub_iso9660_susp_entry *) sua; > + /* > + * The hook function will not process CE or ST. > + * Advancing to the next entry would skip them. > + */ > + if (grub_strncmp ((char *) entry->sig, "CE", 2) =3D=3D 0 > + || grub_strncmp ((char *) entry->sig, "ST", 2) =3D=3D 0) > + continue; > } > > if (hook (entry, hook_arg)) > -- > 2.35.1

Reviewed-by: Thomas Schmitt

Have a nice day :)

Thomas
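
Review bot: GRUB_ISO9660_MAX_CE_HOPS in the first hunk is defined without a comment, so a reader cannot tell what counts as a hop or why 100000 was chosen. Since ce_counter is a local that starts at 0 in grub_iso9660_susp_iterate, a one-line comment above the #define saying that it caps the number of CE entries followed during one call would document the intent.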
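
Review bot: The hop limit added at the top of the CE branch, `if (++ce_counter > GRUB_ISO9660_MAX_CE_HOPS)`, is not covered by the commit message, which only describes the skipped CE or ST entry at the start of a continuation area. Either add a sentence explaining that the counter stops CE entries from being followed without end, or move the counter into its own patch so that the two fixes can be reviewed and bisected separately.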
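
Review bot: In the last hunk, `entry->sig` is read immediately after `entry` is pointed at the newly loaded `sua`, while `sua_size` has just been taken from the on-disk `ce->len`. The visible lines do not show a check that the new area holds at least GRUB_ISO9660_SUSP_HEADER_SZ bytes before the two grub_strncmp calls; if no such check sits between the read and this comparison, add one here. The comment could also state that `continue` returns to the top of the loop, where CE and ST are interpreted.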