From: Lidong Chen
To: grub-devel@gnu.org
Cc: scdbackup@gmx.net, daniel.kiper@oracle.com, fengtao40@huawei.com, yanan@huawei.com, lichenca2005@gmail.com
Subject: [PATCH v2 0/5] fs/iso9660: Fix out-of-bounds read
Date: Wed, 18 Jan 2023 08:23:53 +0000

This is the v2 patch set which addressed the review comments from
Thomas Schmitt. Many thanks to Thomas for the review comments as well as
the detailed explanation and test instruction.

Patch 0005 is a new patch addressing an old bug pointed out by Thomas.
Thanks Thomas for providing the fix.

Thomas also pointed out the issue of the potential endless loops by CE.
Since the suggested fix requires a bit more investigation, and as Thomas
pointed out that it should be handled in a separate patch, the fix is not
included in this v2 patch set. Because I am not an expert, it would be
better that someone else can work on it. For the background info and the
comments, please see this email. The bottom half of the email addressed
the endless loop issue:

https://www.mail-archive.com/grub-devel@gnu.org/msg35785.html

For the testing, it passed grub-fstest and make check. The fuzz test
(ran for 2 days) confirmed that the patches fixed the issues.

Lidong Chen (5):
  fs/iso9660: Add check to prevent infinite loop
  fs/iso9660: Prevent read past the end of system use area
  fs/iso9660: Avoid reading past the entry boundary
  fs/iso9660: Incorrect check for entry boundary
  fs/iso9660: Prevent skipping CE or ST at start of continuation area

 grub-core/fs/iso9660.c | 96 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 89 insertions(+), 7 deletions(-)

-- 
2.35.1