Extend the sanity checks in ufs_lookup to ensure that each directory
entry fits within its DIRBLKSIZ block. The surrounding code is
extremely fragile with respect to corruption of the directory entry
'd_reclen' field; if directory corruption occurs, it can blindly
scan forward beyond the end of the filesystem block. Usually this
results in a 'fault on nofault entry' panic.

Directory corruption is now much more likely to be detected, resulting
in a 'ufs_dirbad' panic. If the filesystem is read-only, it will
simply print a warning message, and skip the corrupted block.

Reviewed by:	mckusick
Ian Dowse 2001-02-04 01:52:11 +00:00
parent 64602637c7
commit 5d1731a783
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=71976

@ -242,7 +242,8 @@ ufs_lookup(ap)
* "dirchk" to be true.
*/
ep = (struct direct *)((char *)bp->b_data + entryoffsetinblock);
if (ep->d_reclen == 0 ||
if (ep->d_reclen == 0 || ep->d_reclen >
DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1)) ||
(dirchk && ufs_dirbadentry(vdp, ep, entryoffsetinblock))) {
int i;
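
Review bot: In the new condition on ep->d_reclen, only the upper bound is enforced unconditionally; a nonzero d_reclen that is too small to hold an entry header is still rejected only if ufs_dirbadentry catches it, and that call runs only when dirchk is set. With dirchk false, a tiny d_reclen can still move the next ep to within a few bytes of the end of the block, where reading its d_reclen field may itself cross the DIRBLKSIZ boundary. Consider adding a minimum-size (and alignment) test next to the new upper-bound test, outside the dirchk guard. Separately, the mask entryoffsetinblock & (DIRBLKSIZ - 1) is only correct if DIRBLKSIZ is a power of two; the comment above the check should say so, and should note that this part of the test no longer depends on "dirchk" being true.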