d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libsa: Fix infinite loop in bzipfs & gzipfs

Browse Source 
A bug in the loader's bzipfs & gzipfs filesystems caused compressed
kernel and modules not to work on EFI systems with a veriexec-enabled
loader. Since the size of files in these filesystems are not known
_a priori_ `stat` would initialize the size to -1 and the loader would
then hang in an infinite loop while trying to seek (read) to the end
of file since the loop termination condition compares the current
offset to that negative target position.

Reviewers:	vangyzen, imp, Bret Ketchum (Bret.Ketchum@dell.com)
Differential Revision:	https://reviews.freebsd.org/D30414
Sponsored by:	Dell EMC Isilon
MFC to:	     stable/12, stable/13
MFC after:   1 week
This commit is contained in:
David Bright 2021-05-24 12:12:15 -05:00
parent 33764e3fd0
commit 3df4c387d2
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
stand/libsa/bzipfs.c
View File

@ -340,6 +340,9 @@ bzf_seek(struct open_file *f, off_t offset, int where)
target - bzf->bzf_bzstream.total_out_lo32), NULL);
if (errno)
return(-1);
/* Break out of loop if end of file has been reached. */
if (bzf->bzf_endseen)
break;
}
/* This is where we are (be honest if we overshot) */
return(bzf->bzf_bzstream.total_out_lo32);

3
stand/libsa/gzipfs.c
View File

@ -315,6 +315,9 @@ zf_seek(struct open_file *f, off_t offset, int where)
target - zf->zf_zstream.total_out), NULL);
if (errno)
return(-1);
/* Break out of loop if end of file has been reached. */
if (zf->zf_endseen)
break;
}
/* This is where we are (be honest if we overshot) */
return(zf->zf_zstream.total_out);