Message-ID: <20141026104708.GA31873@sli.dy.fi>
Date:	Sun, 26 Oct 2014 12:47:09 +0200
From:	Sami Liedes <sami.liedes@....fi>
To:	"Darrick J. Wong" <darrick.wong@...cle.com>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: Valgrind-detected issues in e2fsck on corrupted filesystems

On Mon, Oct 20, 2014 at 01:57:36PM -0700, Darrick J. Wong wrote:
> Thanks for catching these!  I'll have patches out shortly.

Great! With your patches applied I could no longer get any valgrind
errors on ext4 during overnight fuzz testing.

Here's one more I found which only shows on ext[23], with or without
your recent patches. It seems that the error message "Unexpected block
in HTREE directory inode %d (%q)" is printed with uninitialized values
for both the %d and the %q conversions.

Pristine: http://www.niksula.hut.fi/~sliedes/e2fsck/testimg.ext2.bz2
Fuzzed: http://www.niksula.hut.fi/~sliedes/e2fsck/testimg.ext2.78.min.bz2

1-bit diff:

--- /dev/fd/63  2014-10-26 12:33:05.879722761 +0200
+++ /dev/fd/62  2014-10-26 12:33:05.880722761 +0200
@@ -9032,6 +9032,9 @@
 0013fc10  0a 05 00 00 0b 05 00 00  2b 05 00 00 00 00 00 00  |........+.......|
 0013fc20  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 *
+0013fcb0  00 00 00 00 00 00 00 00  00 00 04 00 00 00 00 00  |................|
+0013fcc0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+*
 00140000  34 02 00 00 30 00 26 07  5c 78 32 66 64 65 76 69  |4...0.&.\x2fdevi|
 00140010  63 65 73 5c 78 32 66 76  69 72 74 75 61 6c 5c 78  |ces\x2fvirtual\x|
 00140020  32 66 74 74 79 5c 78 32  66 74 74 79 35 33 00 00  |2ftty\x2ftty53..|

Output:

------------------------------------------------------------
e2fsck 1.43-WIP (29-Aug-2014)
Pass 1: Checking inodes, blocks, and sizes
Inode 426 has illegal block(s).  Clear? yes

Illegal block #58 (262144) in inode 426.  CLEARED.
Pass 2: Checking directory structure
Directory inode 426 has an unallocated block #19.  Allocate? yes

Unexpected block in HTREE directory inode ==17310== Use of uninitialised value of size 8
==17310==    at 0x529C0FB: _itoa_word (_itoa.c:179)
==17310==    by 0x529FB02: vfprintf (vfprintf.c:1635)
==17310==    by 0x52A1340: buffered_vfprintf (vfprintf.c:2312)
==17310==    by 0x529C3DD: vfprintf (vfprintf.c:1290)
==17310==    by 0x52A6526: fprintf (fprintf.c:32)
==17310==    by 0x4333BB: expand_percent_expression (message.c:451)
==17310==    by 0x433817: print_e2fsck_message (message.c:552)
==17310==    by 0x4325D1: fix_problem (problem.c:2130)
==17310==    by 0x424A8B: check_dir_block (pass2.c:973)
==17310==    by 0x44AF96: ext2fs_dblist_iterate2 (dblist.c:211)
==17310==    by 0x422E34: e2fsck_pass2 (pass2.c:149)
==17310==    by 0x4149DF: e2fsck_run (e2fsck.c:230)
[...]
87815056 (==17310== Conditional jump or move depends on uninitialised value(s)
==17310==    at 0x432977: print_pathname (message.c:203)
==17310==    by 0x4334FE: expand_percent_expression (message.c:480)
==17310==    by 0x433817: print_e2fsck_message (message.c:552)
==17310==    by 0x4325D1: fix_problem (problem.c:2130)
==17310==    by 0x424A8B: check_dir_block (pass2.c:973)
==17310==    by 0x44AF96: ext2fs_dblist_iterate2 (dblist.c:211)
==17310==    by 0x422E34: e2fsck_pass2 (pass2.c:149)
==17310==    by 0x4149DF: e2fsck_run (e2fsck.c:230)
==17310==    by 0x4139E6: main (unix.c:1649)
==17310== 
==17310== Conditional jump or move depends on uninitialised value(s)
==17310==    at 0x456D29: ext2fs_get_pathname (get_pathname.c:165)
==17310==    by 0x4329C2: print_pathname (message.c:209)
==17310==    by 0x4334FE: expand_percent_expression (message.c:480)
==17310==    by 0x433817: print_e2fsck_message (message.c:552)
==17310==    by 0x4325D1: fix_problem (problem.c:2130)
==17310==    by 0x424A8B: check_dir_block (pass2.c:973)
==17310==    by 0x44AF96: ext2fs_dblist_iterate2 (dblist.c:211)
==17310==    by 0x422E34: e2fsck_pass2 (pass2.c:149)
==17310==    by 0x4149DF: e2fsck_run (e2fsck.c:230)
==17310==    by 0x4139E6: main (unix.c:1649)
[...]
???).
------------------------------------------------------------

	Sami
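The following C sketch is an added example, not part of the original message or of e2fsprogs: it locates the flipped bit shown in the hexdump diff and decodes it as an entry in a single-indirect block, which agrees with the "Illegal block #58 (262144)" line in the output. The 1 KiB block size, the reading of the modified block as inode 426's single-indirect block, and the names `struct flip`, `locate_flip` and `analyze_sample` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK_SIZE  1024u /* assumption: 1 KiB blocks (not stated in the message) */
#define NDIR_BLOCKS 12u   /* ext2 inodes carry 12 direct block pointers */

struct flip {
    uint64_t offset;     /* image offset of the first differing byte */
    unsigned bit;        /* lowest differing bit in that byte */
    uint32_t phys_block; /* block that contains the byte */
    uint32_t entry;      /* index of the 32-bit slot inside that block */
    uint32_t new_value;  /* slot value after the flip, little-endian */
    uint32_t logical;    /* file block number, if a single-indirect block */
};

/* Compare one block of each image (base = its image offset); return differing bits. */
static int locate_flip(const uint8_t *a, const uint8_t *b, uint64_t base, struct flip *f) {
    int bits = 0;
    for (uint32_t i = 0; i < BLOCK_SIZE; i++) {
        uint8_t x = a[i] ^ b[i];
        if (x && bits == 0) {              /* describe the first difference */
            const uint8_t *s = b + (i & ~3u);
            f->offset = base + i;
            for (f->bit = 0; !((x >> f->bit) & 1); f->bit++) {}
            f->phys_block = (uint32_t)(base / BLOCK_SIZE);
            f->entry = i / 4;
            f->new_value = s[0] | s[1] << 8 | s[2] << 16 | (uint32_t)s[3] << 24;
            f->logical = NDIR_BLOCKS + f->entry;
        }
        for (; x; x &= (uint8_t)(x - 1)) bits++;   /* count every differing bit */
    }
    return bits;
}

/* Constructed sample: only bytes visible in the hexdump diff are set, the rest are 0. */
static int analyze_sample(struct flip *f) {
    static const uint8_t pristine[BLOCK_SIZE] = { [0x10] = 0x0a, 5, 0, 0, 0x0b, 5, 0, 0, 0x2b, 5 };
    static const uint8_t fuzzed[BLOCK_SIZE] = { [0x10] = 0x0a, 5, 0, 0, 0x0b, 5, 0, 0, 0x2b, 5,
                                                [0xba] = 0x04 /* line 0013fcb0, byte +0x0a */ };
    return locate_flip(pristine, fuzzed, 0x13fc00, f);
}

int main(void) {
    struct flip f;
    int bits = analyze_sample(&f);
    printf("%d bit(s): offset 0x%llx bit %u, block %u entry %u = %u, file block #%u\n", bits,
           (unsigned long long)f.offset, f.bit, f.phys_block, f.entry, f.new_value, f.logical);
    return 0;
}
```

To compare real images, read the same block-aligned range from the decompressed pristine and fuzzed files and pass both buffers to `locate_flip` in place of the constructed arrays.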
