lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 03 Nov 2011 09:47:31 -0500
From:	Eric Sandeen <sandeen@...hat.com>
To:	Niu <niu@...mcloud.com>
CC:	tytso@....edu, linux-ext4@...r.kernel.org
Subject: Re: e2fsprogs: Avoid infinite loop in ext2fs_find_block_device()

On 11/3/11 1:45 AM, Niu wrote:
> hello, Ted
> 
> In my rhel5 system, there are lots of loop links in the /dev/.udev/failed folder, which makes the e2fsprogs
> 'make check' stuck in 't_ext_jnl_rm'. I'm not sure if the loop links are generated by udev defect or misconfiguration,
> but anyway, I think the ext2fs_find_block_device() should do some sanity check to avoid infinite loop.
> 
> I made a simple patch which breaks the loop when depth reaching 5 in ext2fs_find_block_device(), any comments? Thank you.

My only concern would be that depth 5 isn't totally unreasonable in real life, and this causes it to silently stop searching, right?
Would there be much harm in making the limit much higher, to be fairly sure that it has wandered off into the weeds?

I guess this function isn't very frequently called outside of make check though, just from tune2fs' remove_journal_device() (for external journals I guess?) so I suppose it's not too worrisome.

-Eric


> From 5ef3b82266e7fb5edbce4febc4924b0beaccacf1 Mon Sep 17 00:00:00 2001
> From: Niu Yawei <niu@...mcloud.com>
> Date: Wed, 2 Nov 2011 04:31:11 +0800
> Subject: [PATCH] Avoid infinite loop in ext2fs_find_block_device()
> 
> The ext2fs_find_block_device() should stop searching when the
> directory depth reaching a certain threshold, otherwise, it could
> run into infinite loop if there are loop links in the device
> directory.
> 
> Signed-off-by: Niu Yawei <niu@...mcloud.com>
> ---
>  lib/ext2fs/finddev.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
> index 13ef14b..61f9754 100644
> --- a/lib/ext2fs/finddev.c
> +++ b/lib/ext2fs/finddev.c
> @@ -128,6 +128,7 @@ char *ext2fs_find_block_device(dev_t device)
>  	struct dir_list *list = 0, *new_list = 0;
>  	struct dir_list *current;
>  	char	*ret_path = 0;
> +	int    level = 0;
>  
>  	/*
>  	 * Add the starting directories to search...
> @@ -154,6 +155,9 @@ char *ext2fs_find_block_device(dev_t device)
>  		if (list == 0) {
>  			list = new_list;
>  			new_list = 0;
> +			/* Avoid infinite loop */
> +			if (++level > 5)
> +				break;
>  		}
>  	}
>  	free_dirlist(&list);

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ