Date:   Mon, 10 Aug 2020 15:13:25 +0900
From:   "Namjae Jeon" <namjae.jeon@...sung.com>
To:     "'Tetsuhiro Kohada'" <kohada.t2@...il.com>
Cc:     <kohada.tetsuhiro@...mitsubishielectric.co.jp>,
        <mori.takahiro@...mitsubishielectric.co.jp>,
        <motai.hirotaka@...mitsubishielectric.co.jp>,
        "'Sungjong Seo'" <sj1557.seo@...sung.com>,
        <linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 1/2] exfat: add NameLength check when extracting name

> The current implementation doesn't care about NameLength when extracting the name from Name dir-entries, so
> the name may be incorrect.
> (Without null-termination, insufficient Name dir-entry, etc.) Add a NameLength check when extracting
> the name from Name dir-entries to extract the correct name.
> And, change to get the information of file/stream-ext dir-entries via the member variable of
> exfat_entry_set_cache.
> 
> ** This patch depends on:
>   '[PATCH v3] exfat: integrates dir-entry getting and validation'.
> 
> Signed-off-by: Tetsuhiro Kohada <kohada.t2@...il.com>
> ---
>  fs/exfat/dir.c | 81 ++++++++++++++++++++++++--------------------------
>  1 file changed, 39 insertions(+), 42 deletions(-)
> 
> diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c index 91cdbede0fd1..545bb73b95e9 100644
> --- a/fs/exfat/dir.c
> +++ b/fs/exfat/dir.c
> @@ -28,16 +28,15 @@ static int exfat_extract_uni_name(struct exfat_dentry *ep,
> 
>  }
> 
> -static void exfat_get_uniname_from_ext_entry(struct super_block *sb,
> -		struct exfat_chain *p_dir, int entry, unsigned short *uniname)
> +static int exfat_get_uniname_from_name_entries(struct exfat_entry_set_cache *es,
> +		struct exfat_uni_name *uniname)
>  {
> -	int i;
> -	struct exfat_entry_set_cache *es;
> +	int n, l, i;
>  	struct exfat_dentry *ep;
> 
> -	es = exfat_get_dentry_set(sb, p_dir, entry, ES_ALL_ENTRIES);
> -	if (!es)
> -		return;
> +	uniname->name_len = es->de_stream->name_len;
> +	if (uniname->name_len == 0)
> +		return -EIO;
Can we validate ->name_len and name entry ->type in exfat_get_dentry_set()?
> 
>  	/*
>  	 * First entry  : file entry
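
Review bot: The only validation of `name_len` in `exfat_get_uniname_from_name_entries()` is the `== 0` test right after `uniname->name_len = es->de_stream->name_len`; nothing in this hunk bounds the on-disk value against the capacity of `uniname->name`. A set with too few Name entries is caught later by the NULL check on `exfat_get_validated_dentry()`, but the buffer bound rests on an invariant that is not stated here, so either add an explicit upper-bound check next to the zero check or a comment saying where the bound is enforced. Doing both checks once in `exfat_get_dentry_set()`, as asked in the reply above, would also cover it. The return type changes from `void` to `int` as well, so each caller has to check for `-EIO` rather than use `uniname` unconditionally.
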
> @@ -45,14 +44,15 @@ static void exfat_get_uniname_from_ext_entry(struct super_block *sb,
>  	 * Third entry  : first file-name entry
>  	 * So, the index of first file-name dentry should start from 2.
>  	 */
> -
> -	i = 2;
> -	while ((ep = exfat_get_validated_dentry(es, i++, TYPE_NAME))) {
> -		exfat_extract_uni_name(ep, uniname);
> -		uniname += EXFAT_FILE_NAME_LEN;
> +	for (l = 0, n = 2; l < uniname->name_len; n++) {
> +		ep = exfat_get_validated_dentry(es, n, TYPE_NAME);
> +		if (!ep)
> +			return -EIO;
> +		for (i = 0; l < uniname->name_len && i < EXFAT_FILE_NAME_LEN; i++, l++)
> +			uniname->name[l] = le16_to_cpu(ep->dentry.name.unicode_0_14[i]);
>  	}
> -
> -	exfat_free_dentry_set(es, false);
> +	uniname->name[l] = 0;
> +	return 0;
>  }
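
Review bot: On the `return -EIO` path inside the `for` loop, `uniname->name_len` has already been set from the stream entry and `uniname->name` holds a partial copy with no terminator, so a caller that ignores the return value sees a length that does not match the buffer. Consider assigning `uniname->name_len` only after the loop completes, or clearing it and writing `uniname->name[0] = 0` before returning the error. The final `uniname->name[l] = 0` writes at index `name_len`, so the buffer needs room for `name_len + 1` code units, which deserves a comment. The counter name `l` is also easy to misread as `1` in `l < uniname->name_len`; a name such as `len` would read better.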
