Date: Fri, 16 Dec 2022 13:57:04 +0100
From: "Thomas Schmitt"
To: grub-devel@gnu.org
Subject: Proposal v2: fs/iso9660: Prevent skipping CE or ST at start of continuation area
Cc: lidong.chen@oracle.com, fengtao40@huawei.com, yanan@huawei.com, daniel.kiper@oracle.com, lichenca2005@gmail.com
References: <19021389617225107434@scdbackup.webframe.org>
In-Reply-To: <19021389617225107434@scdbackup.webframe.org>
Message-Id: <31992389627932343306@scdbackup.webframe.org>
Hi,

i realize that my previous proposal opens a possibility for regression with
a very bad ISO image. The danger is in an endless loop by a CE entry which
points to itself. The bug which i want to see fixed currently prevents this
special pitfall.
(Other endless loops by CE are possible and not prevented. It's much like
with symbolic link loops. In the end only a hard limit on the number of CE
hops would help.)

So i now propose with the same sketch of a commit message, this change
(compiles but was not tested):

------------------------------------------------------------------------
fs/iso9660: Prevent skipping CE or ST at start of continuation area

If processing of a SUSP CE entry leads to a continuation area which begins
with entry CE or ST, then these entries were skipped without interpretation.
In case of CE this would lead to premature end of processing the SUSP entries
of the file. In case of ST this could cause following non-SUSP bytes to be
interpreted as SUSP entries.

Signed-off-by: Thomas Schmitt

--- grub-core/fs/iso9660.c.lidong_chen_patch_2	2022-12-15 11:46:50.654295924 +0100
+++ grub-core/fs/iso9660.c.lidong_chen_patch_2_ce_fix_v2	2022-12-16 13:54:55.654651173 +0100
@@ -336,6 +336,21 @@ grub_iso9660_susp_iterate (grub_fshelp_n
             }
 
           entry = (struct grub_iso9660_susp_entry *) sua;
+
+          /* The hook function will not process CE or ST.
+             Advancing to the next entry would skip them. */
+          if (grub_strncmp ((char *) entry->sig, "CE", 2) == 0)
+            {
+              ce = (struct grub_iso9660_susp_ce *) entry;
+              if (ce_block
+                  != grub_le_to_cpu32 (ce->blk) << GRUB_ISO9660_LOG2_BLKSZ
+                  || off != grub_le_to_cpu32 (ce->off))
+                continue;
+              /* Ending up here indicates an endless loop by self reference.
+                 So skip this bad CE as was done before december 2022. */
+            }
+          if (grub_strncmp ((char *) entry->sig, "ST", 2) == 0)
+            break;
         }
 
       if (hook (entry, hook_arg))
------------------------------------------------------------------------

Have a nice day :)

Thomas
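Review bot: the `continue` in the CE branch only achieves the stated goal if the enclosing loop does not advance `entry` before the next iteration; if that loop is a `for` whose increment steps `entry` by `entry->len`, the CE that sits first in the freshly read area is stepped over exactly as before, so this needs a test image with a CE at the start of a continuation area rather than a compile-only check. Two further points: `ce->blk` and `ce->off` are read immediately after `entry = (struct grub_iso9660_susp_entry *) sua;` with no visible check that the new area (`sua_size` bytes, taken from the previous CE's length field) is at least `sizeof (struct grub_iso9660_susp_ce)` long, so unless that is guaranteed earlier in the loop a short length lets the comparison read past the buffer; and the self-reference test catches only a CE whose block and offset equal its own, so a two-entry cycle still loops forever, as the message concedes, which argues for the hop counter it mentions, e.g. `if (++ce_hops > MAX_CE_HOPS) return grub_error (GRUB_ERR_BAD_FS, "too many CE hops");` with the limit as a named constant.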
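As an added illustration of the CE/ST handling the proposal describes, here is a constructed C model, not Thomas Schmitt's code and not GRUB's grub_iso9660_susp_iterate: it follows CE hops through an in-memory image, examines a CE that is the first entry of a continuation area instead of stepping over it, stops at ST so later bytes are not read as SUSP entries, and bounds the hops with an assumed MAX_CE_HOPS so a self-referencing CE ends in an error rather than a loop. The entry layout is a simplified little-endian one, and the hook is replaced by a count of the entries it would receive.

```c
#include <stdint.h>
#include <string.h>
#define NBLK 3
#define BLKSZ 2048
#define MAX_CE_HOPS 32        /* assumed hop bound; the proposal itself adds none */
static unsigned char disk[NBLK][BLKSZ];   /* constructed in-memory image */
static uint32_t rd32 (const unsigned char *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t) p[3] << 24; }
static void wr32 (unsigned char *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
/* Write a SUSP entry header (signature, length, version 1); return the offset after it. */
static unsigned put_entry (unsigned blk, unsigned off, const char *sig, unsigned len)
{ unsigned char *e = disk[blk] + off; memcpy (e, sig, 2); e[2] = len; e[3] = 1; return off + len; }
/* Simplified 16-byte CE: little-endian target block, offset, length (a real CE is 28 bytes, both-endian). */
static unsigned put_ce (unsigned blk, unsigned off, uint32_t tblk, uint32_t toff, uint32_t tlen)
{ unsigned char *e = disk[blk] + off; put_entry (blk, off, "CE", 16);
  wr32 (e + 4, tblk); wr32 (e + 8, toff); wr32 (e + 12, tlen); return off + 16; }
/* Walk the SUSP area, following CE hops; return the number of entries a hook would see, or -1. */
static int iterate (unsigned blk, unsigned off, unsigned size)
{
  int count = 0, hops = 0;
  for (;;) {                                   /* one pass per continuation area */
    const unsigned char *e = 0; unsigned pos = 0;
    if (blk >= NBLK || off >= BLKSZ || size > BLKSZ - off) return -1;  /* area outside image */
    for (;; pos += e[2]) {
      if (pos == size) return count;           /* area exhausted without ST: legal */
      e = disk[blk] + off + pos;
      if (pos + 4 > size || e[2] < 4 || e[2] > size - pos) return -1;  /* malformed entry */
      if (memcmp (e, "ST", 2) == 0) return count;  /* bytes after ST are not SUSP */
      if (memcmp (e, "CE", 2) == 0) break;     /* examined below, never skipped */
      count++;                                 /* a hook would process this entry */
    }
    if (e[2] < 16 || ++hops > MAX_CE_HOPS) return -1;  /* short CE, or CE loop */
    blk = rd32 (e + 4); off = rd32 (e + 8); size = rd32 (e + 12);
  }
}
/* Block 1 begins with a CE (the proposal's case); block 2 ends with ST followed by junk. */
static int scenario_ce_at_start (void)
{
  memset (disk, 0, sizeof disk);
  unsigned o = put_entry (0, 0, "PX", 36);   /* system use field of a directory record */
  put_ce (0, o, 1, 0, 32);                   /* hop 1 */
  put_ce (1, 0, 2, 0, 32);                   /* hop 2: CE is the first entry of its area */
  o = put_entry (2, 0, "NM", 12);
  o = put_entry (2, o, "ST", 4);
  put_entry (2, o, "XX", 8);                 /* after ST: must not be interpreted */
  return iterate (0, 0, 64);                 /* 2: PX and NM reach the hook */
}
/* A CE that points at itself: stops at MAX_CE_HOPS instead of looping forever. */
static int scenario_self_reference (void)
{ memset (disk, 0, sizeof disk); put_ce (0, 0, 0, 0, 16); return iterate (0, 0, 16); }  /* -1 */
```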