lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56474DDB.7020904@nod.at>
Date:	Sat, 14 Nov 2015 16:06:03 +0100
From:	Richard Weinberger <richard@....at>
To:	OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
Cc:	Vegard Nossum <vegard.nossum@...cle.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: Endless getdents() in vfat filesystem

Am 14.11.2015 um 15:28 schrieb OGAWA Hirofumi:
> Vegard Nossum <vegard.nossum@...cle.com> writes:
> 
>> On 11/14/2015 11:32 AM, Richard Weinberger wrote:
>>> On Sat, Nov 14, 2015 at 2:19 AM, Vegard Nossum <vegard.nossum@...cle.com> wrote:
>>>> Hi,
>>>>
>>>> Using the attached disk image I observe that getdents() never returns
>>>> the end of the directory, i.e. mounting the disk image on a loopback
>>>> device and running 'ls' under strace shows an endless stream of:
>>>>
>>>> getdents(3, /* 2 entries */, 32768)     = 48
>>>> getdents(3, /* 2 entries */, 32768)     = 48
>>>> getdents(3, /* 2 entries */, 32768)     = 48
>>>> ...
>>>
>>> Please more details. Is this image hand crafted?
>>> If not, how has it been created? Is is supposed to work?
>>
>> It was created by fuzzing, it is not supposed to work per se.
>>
>>>  From a quick look it seems as the root directory is bad but we report
>>> progress in ->iterate.
>>> ctx->pos is 2, we set it back to 0, because of the faked dot entries.
>>> but fat_get_entry() did not make any progress and we report 0 back to VFS.
>>> So, VFS sees progress and the game continues.
>>>
>>> Does the attached patch help?
>>
>> Yes, it does fixes the problem here, but I can't really comment on the
>> correctness of the patch.
>>
>> Thanks for the quick reponse,
> 
> I made cleanup and made sure fake_offset is corrected.
> 
> Richard, Signed-off-by was missed in your patch, so I added. Can you
> agree to Signed-off-by?

Sure!

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ