lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 14 Jul 2020 03:35:57 +0000
From:   "Kohada.Tetsuhiro@...MitsubishiElectric.co.jp" 
        <Kohada.Tetsuhiro@...MitsubishiElectric.co.jp>
To:     'Sungjong Seo' <sj1557.seo@...sung.com>
CC:     "Mori.Takahiro@...MitsubishiElectric.co.jp" 
        <Mori.Takahiro@...MitsubishiElectric.co.jp>,
        "Motai.Hirotaka@...MitsubishiElectric.co.jp" 
        <Motai.Hirotaka@...MitsubishiElectric.co.jp>,
        'Namjae Jeon' <namjae.jeon@...sung.com>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [RFC]PATCH] exfat: integrates dir-entry getting and validation

Thanks for your reply.

> >
> >  	/* validiate cached dentries */
> > -	for (i = 1; i < num_entries; i++) {
> > -		ep = exfat_get_dentry_cached(es, i);
> > -		if (!exfat_validate_entry(exfat_get_entry_type(ep), &mode))
> 
> > +	for (i = 1; i < es->num_entries; i++) {
> > +		if (!exfat_get_validated_dentry(es, i, TYPE_SECONDARY))
> >  			goto free_es;
> >  	}
> > +	if (!exfat_get_validated_dentry(es, 1, TYPE_STREAM))
> > +		goto free_es;
> 
> It looks better to move checking TYPE_STREAM above the for-loop.
> And then for-loop should start from index 2.

OK. I'll change that. 
However, this for-loop is considering changing to checksum verification.


> BTW, do you think it is enough to check only TYPE_SECONDARY not TYPE NAME?
> As you might know, FILE, STREAM and NAME entries must be consecutive in order.

I think it is appropriate as a check here.
TYPE_NAME starting without index=2 doesn't accept in exfat_get_uniname_from_ext_entry().
However, I think this is not enough.
This is because there is no check for name-length. (same with or without patch)

I will check the name-length in the next(or after next) patch.


BR
---
Kohada Tetsuhiro <Kohada.Tetsuhiro@...MitsubishiElectric.co.jp>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ