linux-f2fs-devel.lists.sourceforge.net archive mirror
From: Chao Yu <yuchao0@huawei.com>
To: cgxu519 <cgxu519@gmx.com>, Chao Yu <chao@kernel.org>, jaegeuk@kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH] f2fs: add additional sanity check in f2fs_acl_from_disk()
Date: Fri, 31 Aug 2018 15:02:56 +0800
Message-ID: <cc042ca1-9620-ed18-f0e5-3f07031d16bc@huawei.com>
In-Reply-To: <59f106bd-50d8-8f82-f573-1d025ad19f7d@gmx.com>

On 2018/8/31 0:19, cgxu519 wrote:
> 
> On 08/30/2018 11:41 PM, Chao Yu wrote:
>> Hi Chengguang,
>>
>> On 2018/8/30 21:33, Chengguang Xu wrote:
>>> Add additional sanity check for irregular case (e.g. corruption).
>>> If size of extended attribution is smaller than size of acl header,
>>> then return -EINVAL.
>>>
>>> Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
>>> ---
>>>   fs/f2fs/acl.c | 3 +++
>>>   1 file changed, 3 insertions(+)
>>>
>>> diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
>>> index 111824199a88..79e9ea773070 100644
>>> --- a/fs/f2fs/acl.c
>>> +++ b/fs/f2fs/acl.c
>>> @@ -53,6 +53,9 @@ static struct posix_acl *f2fs_acl_from_disk(const char *value, size_t size)
>>>   	struct f2fs_acl_entry *entry = (struct f2fs_acl_entry *)(hdr + 1);
>>>   	const char *end = value + size;
>>>   
>>> +	if (size < sizeof(f2fs_acl_header))
>>> +		return ERR_PTR(-EINVAL);
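Review bot: The new test at `if (size < sizeof(f2fs_acl_header))` names the type without the `struct` keyword, while the context line just above it casts to `struct f2fs_acl_entry *`; unless a typedef called `f2fs_acl_header` exists this will not compile, so write `sizeof(struct f2fs_acl_header)` or `sizeof(*hdr)`. The commit message should also state why the later count check does not already reject an undersized value, since that is the only justification for the extra test.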
>> I guess the code below has checked that already?
>>
>> 	count = f2fs_acl_count(size);
>> 	if (count < 0)
>> 		return ERR_PTR(-EINVAL);
> 
> Hi Chao,
> 
> Thanks for the prompt reply.
> 
> I still think in a rare case, it can pass the check in f2fs_acl_count() 
> and cause unexpected behavior.
> 
> For example, like below code path in f2fs_acl_count().

if size < sizeof(f2fs_acl_header)

size -= sizeof(struct f2fs_acl_header);

size should be smaller than zero, right?

> 
> -> if (s < 0) {
>              if (size % sizeof(struct f2fs_acl_entry_short))
>                       return -1;
> ->        return size / sizeof(struct f2fs_acl_entry_short);

So the return value should be smaller than zero?

Thanks,

> }
> 
> 
> Thanks,
> Chengguang


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
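
The exchange above turns on whether subtracting the header size from an undersized length goes negative. As an added example (not code from the thread or from the kernel tree), this C model shows the case where the length is held in an unsigned 32-bit variable; that type, the 4/4/8-byte structure sizes and the function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for this model, not taken from the thread. */
#define HDR_SZ   4u	/* stands in for sizeof(struct f2fs_acl_header) */
#define SHORT_SZ 4u	/* stands in for sizeof(struct f2fs_acl_entry_short) */
#define ENTRY_SZ 8u	/* stands in for sizeof(struct f2fs_acl_entry) */

/* Hypothetical model of the count computation quoted in the thread,
 * with the length kept in an unsigned 32-bit variable (assumption). */
static int acl_count_model(uint32_t size)
{
	int32_t s;

	size -= HDR_SZ;				/* wraps if size < HDR_SZ */
	s = (int32_t)(size - 4 * SHORT_SZ);
	if (s < 0) {
		if (size % SHORT_SZ)
			return -1;
		return (int)(size / SHORT_SZ);	/* huge count after a wrap */
	}
	if ((uint32_t)s % ENTRY_SZ)
		return -1;
	return (int)((uint32_t)s / ENTRY_SZ) + 4;
}

/* Same computation behind an explicit length check before the subtraction. */
static int acl_count_checked(uint32_t size)
{
	if (size < HDR_SZ)
		return -1;
	return acl_count_model(size);
}

int main(void)
{
	/* Constructed lengths: four undersized values, then valid ones. */
	const uint32_t sizes[] = { 0, 1, 2, 3, 4, 8, 28 };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("size=%2u model=%d checked=%d\n", (unsigned)sizes[i],
		       acl_count_model(sizes[i]), acl_count_checked(sizes[i]));
	return 0;
}
```

In this model a length of 0 gives a count of 1073741823 from the unguarded function, while lengths 1 to 3 are rejected only because they fail the modulo test.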
