| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Aug 2022 13:13:39 +1000
From: Daniel Ng <danielng@...gle.com>
To: Lukas Czerner <lczerner@...hat.com>
Cc: linux-ext4@...r.kernel.org, tytso@....edu
Subject: Re: [PATCH] e2fsprogs: fix device name parsing to resolve names
containing '='
Thanks Lukas. Thanks for elaborating on your reasoning too - the
ordering makes sense to me. Generally lgtm (though I'm not an
owner/maintainer).
On Fri, Aug 5, 2022 at 7:47 PM Lukas Czerner <lczerner@...hat.com> wrote:
>
> Currently in varisous e2fsprogs tools, most notably tune2fs and e2fsck
> we will get the device name by passing the user provided string into
> blkid_get_devname(). This library function however is primarily intended
> for parsing "NAME=value" tokens. It will return the device matching the
> specified token, NULL if nothing is found, or copy of the string if it's
> not in "NAME=value" format.
>
> However in case where we're passing in a file name that contains an
> equal sign blkid_get_devname() will treat it as a token and will attempt
> to find the device with the match. Likely finding nothing.
>
> Fix it by checking existence of the file first and then attempt to call
> blkid_get_devname(). In case of a collision, notify the user and
> automatically prefer the one returned by blkid_get_devname(). Otherwise
> return either the existing file, or NULL.
>
> We do it this way to avoid some existing file in working directory (for
> example LABEL=volume-name) masking an actual device containing the
> matchin LABEL. User can specify full, or relative path (e.g.
> ./LABEL=volume-name) to make sure the file is used instead.
>
> Signed-off-by: Lukas Czerner <lczerner@...hat.com>
> Reported-by: Daniel Ng <danielng@...gle.com>
> ---
> e2fsck/unix.c | 6 +++---
> lib/support/plausible.c | 35 ++++++++++++++++++++++++++++++++++-
> lib/support/plausible.h | 3 +++
> misc/Makefile.in | 9 +++++----
> misc/e2initrd_helper.c | 5 +++--
> misc/fsck.c | 5 +++--
> misc/tune2fs.c | 4 ++--
> misc/util.c | 3 ++-
> 8 files changed, 55 insertions(+), 15 deletions(-)
>
> diff --git a/e2fsck/unix.c b/e2fsck/unix.c
> index ae231f93..edd7b9b2 100644
> --- a/e2fsck/unix.c
> +++ b/e2fsck/unix.c
> @@ -939,8 +939,8 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx)
> goto sscanf_err;
> break;
> case 'j':
> - ctx->journal_name = blkid_get_devname(ctx->blkid,
> - optarg, NULL);
> + ctx->journal_name = get_devname(ctx->blkid,
> + optarg, NULL);
> if (!ctx->journal_name) {
> com_err(ctx->program_name, 0,
> _("Unable to resolve '%s'"),
> @@ -1019,7 +1019,7 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx)
> ctx->io_options = strchr(argv[optind], '?');
> if (ctx->io_options)
> *ctx->io_options++ = 0;
> - ctx->filesystem_name = blkid_get_devname(ctx->blkid, argv[optind], 0);
> + ctx->filesystem_name = get_devname(ctx->blkid, argv[optind], 0);
> if (!ctx->filesystem_name) {
> com_err(ctx->program_name, 0, _("Unable to resolve '%s'"),
> argv[optind]);
> diff --git a/lib/support/plausible.c b/lib/support/plausible.c
> index bbed2a70..864a7a5e 100644
> --- a/lib/support/plausible.c
> +++ b/lib/support/plausible.c
> @@ -35,7 +35,6 @@
> #include "plausible.h"
> #include "ext2fs/ext2fs.h"
> #include "nls-enable.h"
> -#include "blkid/blkid.h"
>
> #ifdef HAVE_MAGIC_H
> static magic_t (*dl_magic_open)(int);
> @@ -290,3 +289,37 @@ int check_plausibility(const char *device, int flags, int *ret_is_dev)
> return 1;
> }
>
> +
> +char *get_devname(blkid_cache cache, const char *token, const char *value)
> +{
> + int is_file = 0;
> + char *ret = NULL;
> +
> + if (!token)
> + goto out;
> +
> + if (value) {
> + ret = blkid_get_devname(cache, token, value);
> + goto out;
> + }
> +
> + if (access(token, F_OK) == 0)
> + is_file = 1;
> +
> + ret = blkid_get_devname(cache, token, NULL);
> + if (ret) {
> + if (is_file && (strcmp(ret, token) != 0)) {
> + fprintf(stderr,
> + _("Collision found: '%s' refers to both '%s' "
> + "and a file '%s'. Using '%s'!\n"),
> + token, ret, token, ret);
> + }
> + goto out;
> + }
> +
> +out_strdup:
> + if (is_file)
> + ret = strdup(token);
> +out:
> + return ret;
> +}
> diff --git a/lib/support/plausible.h b/lib/support/plausible.h
> index b85150c7..8eb6817f 100644
> --- a/lib/support/plausible.h
> +++ b/lib/support/plausible.h
> @@ -13,6 +13,8 @@
> #ifndef PLAUSIBLE_H_
> #define PLAUSIBLE_H_
>
> +#include "blkid/blkid.h"
> +
> /*
> * Flags for check_plausibility()
> */
> @@ -25,5 +27,6 @@
>
> extern int check_plausibility(const char *device, int flags,
> int *ret_is_dev);
> +char *get_devname(blkid_cache cache, const char *token, const char *value);
>
> #endif /* PLAUSIBLE_H_ */
> diff --git a/misc/Makefile.in b/misc/Makefile.in
> index 4db59cdf..5187883f 100644
> --- a/misc/Makefile.in
> +++ b/misc/Makefile.in
> @@ -360,12 +360,12 @@ dumpe2fs.static: $(DUMPE2FS_OBJS) $(DEPLIBS) $(DEPLIBS_E2P) $(DEPLIBUUID) $(DEPL
> $(STATIC_LIBS) $(STATIC_LIBE2P) $(STATIC_LIBUUID) \
> $(LIBINTL) $(SYSLIBS) $(STATIC_LIBBLKID) $(LIBMAGIC)
>
> -fsck: $(FSCK_OBJS) $(DEPLIBBLKID)
> +fsck: $(FSCK_OBJS) $(DEPLIBBLKID) $(DEPLIBS)
> $(E) " LD $@"
> $(Q) $(CC) $(ALL_LDFLAGS) -o fsck $(FSCK_OBJS) $(LIBBLKID) \
> - $(LIBINTL) $(SYSLIBS)
> + $(LIBINTL) $(SYSLIBS) $(LIBS) $(LIBEXT2FS) $(LIBCOM_ERR)
>
> -fsck.profiled: $(FSCK_OBJS) $(PROFILED_DEPLIBBLKID)
> +fsck.profiled: $(FSCK_OBJS) $(PROFILED_DEPLIBBLKID) $(PROFILED_DEPLIBS)
> $(E) " LD $@"
> $(Q) $(CC) $(ALL_LDFLAGS) -g -pg -o fsck.profiled $(PROFILED_FSCK_OBJS) \
> $(PROFILED_LIBBLKID) $(LIBINTL) $(SYSLIBS)
> @@ -799,7 +799,8 @@ badblocks.o: $(srcdir)/badblocks.c $(top_builddir)/lib/config.h \
> $(top_srcdir)/lib/ext2fs/bitops.h $(top_srcdir)/lib/support/nls-enable.h
> fsck.o: $(srcdir)/fsck.c $(top_builddir)/lib/config.h \
> $(top_builddir)/lib/dirpaths.h $(top_srcdir)/version.h \
> - $(top_srcdir)/lib/support/nls-enable.h $(srcdir)/fsck.h
> + $(top_srcdir)/lib/support/nls-enable.h $(srcdir)/fsck.h \
> + $(top_srcdir)/lib/support/plausible.h
> util.o: $(srcdir)/util.c $(top_builddir)/lib/config.h \
> $(top_builddir)/lib/dirpaths.h $(top_srcdir)/lib/et/com_err.h \
> $(top_srcdir)/lib/e2p/e2p.h $(top_srcdir)/lib/ext2fs/ext2_fs.h \
> diff --git a/misc/e2initrd_helper.c b/misc/e2initrd_helper.c
> index 436aab8c..bfa294fa 100644
> --- a/misc/e2initrd_helper.c
> +++ b/misc/e2initrd_helper.c
> @@ -36,6 +36,7 @@ extern char *optarg;
> #include "ext2fs/ext2fs.h"
> #include "blkid/blkid.h"
> #include "support/nls-enable.h"
> +#include "support/plausible.h"
>
> #include "../version.h"
>
> @@ -262,7 +263,7 @@ static int parse_fstab_line(char *line, struct fs_info *fs)
> parse_escape(freq);
> parse_escape(passno);
>
> - dev = blkid_get_devname(cache, device, NULL);
> + dev = get_devname(cache, device, NULL);
> if (dev)
> device = dev;
>
> @@ -325,7 +326,7 @@ static void PRS(int argc, char **argv)
> }
> if (optind < argc - 1 || optind == argc)
> usage();
> - device_name = blkid_get_devname(NULL, argv[optind], NULL);
> + device_name = get_devname(NULL, argv[optind], NULL);
> if (!device_name) {
> com_err(program_name, 0, _("Unable to resolve '%s'"),
> argv[optind]);
> diff --git a/misc/fsck.c b/misc/fsck.c
> index 4efe10ec..75c520ee 100644
> --- a/misc/fsck.c
> +++ b/misc/fsck.c
> @@ -59,6 +59,7 @@
> #endif
>
> #include "../version.h"
> +#include "support/plausible.h"
> #include "support/nls-enable.h"
> #include "fsck.h"
> #include "blkid/blkid.h"
> @@ -297,7 +298,7 @@ static int parse_fstab_line(char *line, struct fs_info **ret_fs)
> parse_escape(freq);
> parse_escape(passno);
>
> - dev = blkid_get_devname(cache, device, NULL);
> + dev = get_devname(cache, device, NULL);
> if (dev)
> device = dev;
>
> @@ -1128,7 +1129,7 @@ static void PRS(int argc, char *argv[])
> progname);
> exit(EXIT_ERROR);
> }
> - dev = blkid_get_devname(cache, arg, NULL);
> + dev = get_devname(cache, arg, NULL);
> if (!dev && strchr(arg, '=')) {
> /*
> * Check to see if we failed because
> diff --git a/misc/tune2fs.c b/misc/tune2fs.c
> index 6c162ba5..dfa7427b 100644
> --- a/misc/tune2fs.c
> +++ b/misc/tune2fs.c
> @@ -1839,7 +1839,7 @@ static void parse_e2label_options(int argc, char ** argv)
> io_options = strchr(argv[1], '?');
> if (io_options)
> *io_options++ = 0;
> - device_name = blkid_get_devname(NULL, argv[1], NULL);
> + device_name = get_devname(NULL, argv[1], NULL);
> if (!device_name) {
> com_err("e2label", 0, _("Unable to resolve '%s'"),
> argv[1]);
> @@ -2139,7 +2139,7 @@ static void parse_tune2fs_options(int argc, char **argv)
> io_options = strchr(argv[optind], '?');
> if (io_options)
> *io_options++ = 0;
> - device_name = blkid_get_devname(NULL, argv[optind], NULL);
> + device_name = get_devname(NULL, argv[optind], NULL);
> if (!device_name) {
> com_err(program_name, 0, _("Unable to resolve '%s'"),
> argv[optind]);
> diff --git a/misc/util.c b/misc/util.c
> index 48e623dc..2b2ad07b 100644
> --- a/misc/util.c
> +++ b/misc/util.c
> @@ -45,6 +45,7 @@
> #include "ext2fs/ext2_fs.h"
> #include "ext2fs/ext2fs.h"
> #include "support/nls-enable.h"
> +#include "support/plausible.h"
> #include "blkid/blkid.h"
> #include "util.h"
>
> @@ -183,7 +184,7 @@ void parse_journal_opts(const char *opts)
> arg ? arg : "NONE");
> #endif
> if (strcmp(token, "device") == 0) {
> - journal_device = blkid_get_devname(NULL, arg, NULL);
> + journal_device = get_devname(NULL, arg, NULL);
> if (!journal_device) {
> if (arg)
> fprintf(stderr, _("\nCould not find "
> --
> 2.37.1
>
Powered by blists - more mailing lists