| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <56B4B314-CBF3-495B-96BD-FCD524D539DA@sun.com>
Date: Wed, 24 Feb 2010 01:25:16 -0700
From: Andreas Dilger <adilger@....com>
To: "Theodore Ts'o" <tytso@....edu>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH] e2fsck: Fix bug which can cause e2fsck -fD to corrupt
non-indexed directories
On 2010-02-22, at 22:43, Theodore Ts'o wrote:
> E2fsprogs 1.41.10 introduced a regression (in commit b71e018) where
> e2fsck -fD can corrupt non-indexed directories when are exists one or
> more file names which alphabetically sort before ".". This can happen
> with ext2 filesystems or for small directories (take less than a
> block) which contain filenames that begin with a space or some other
> punctuation mark.
>
> Fix this by making sure we never reorder the '.' or '..' entry in the
> directory, since they must be first.
Ted, thanks for getting this out so fast. We were just building our
release based on 1.41.10 and are able to add this in.
Do you have a regression test for this case? e2fsck itself will
detect the corruption ("." and ".." not at the start of the directory)
after the fact, but I guess it means that there are no existing tests
where there is a directory entry that sorts before "." or it would
have been noticed earlier.
Looking at the ASCII characters before "." it seems that CVS "old
version" files with a leading ".#", "(", and "%gconf.xml" would
probably be the most likely cause of problems.
In any case, I can reproduce this easily on my filesystem with my mp3
collection (on a backup, fortunately). Unfortunately, it seems that
re-running e2fsck after such a corruption causes all (thousands) of
the entries that were sorted to the beginning of the directory to be
deleted, and moved into /lost+found.
Have you pulled this release from Sourceforge and any downstream
releases already (Debian, FC, etc)? It seems like a pretty serious
problem, even though "-fD" is likely not run very often.
> Signed-off-by: "Theodore Ts'o" <tytso@....edu>
> ---
> e2fsck/rehash.c | 7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
> index 780742e..ceb8543 100644
> --- a/e2fsck/rehash.c
> +++ b/e2fsck/rehash.c
> @@ -763,7 +763,12 @@ retry_nohash:
>
> /* Sort the list */
> resort:
> - qsort(fd.harray, fd.num_array, sizeof(struct hash_entry), hash_cmp);
> + if (fd.compress)
> + qsort(fd.harray+2, fd.num_array-2, sizeof(struct hash_entry),
> + hash_cmp);
> + else
> + qsort(fd.harray, fd.num_array, sizeof(struct hash_entry),
> + hash_cmp);
>
> /*
> * Look for duplicates
> --
> 1.6.6.1.1.g974db.dirty
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-
> ext4" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists