| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <003d01d66edd$5baf4810$130dd830$@samsung.com>
Date: Mon, 10 Aug 2020 15:13:25 +0900
From: "Namjae Jeon" <namjae.jeon@...sung.com>
To: "'Tetsuhiro Kohada'" <kohada.t2@...il.com>
Cc: <kohada.tetsuhiro@...mitsubishielectric.co.jp>,
<mori.takahiro@...mitsubishielectric.co.jp>,
<motai.hirotaka@...mitsubishielectric.co.jp>,
"'Sungjong Seo'" <sj1557.seo@...sung.com>,
<linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 1/2] exfat: add NameLength check when extracting name
> The current implementation doesn't care NameLength when extracting the name from Name dir-entries, so
> the name may be incorrect.
> (Without null-termination, Insufficient Name dir-entry, etc) Add a NameLength check when extracting
> the name from Name dir-entries to extract correct name.
> And, change to get the information of file/stream-ext dir-entries via the member variable of
> exfat_entry_set_cache.
>
> ** This patch depends on:
> '[PATCH v3] exfat: integrates dir-entry getting and validation'.
>
> Signed-off-by: Tetsuhiro Kohada <kohada.t2@...il.com>
> ---
> fs/exfat/dir.c | 81 ++++++++++++++++++++++++--------------------------
> 1 file changed, 39 insertions(+), 42 deletions(-)
>
> diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c index 91cdbede0fd1..545bb73b95e9 100644
> --- a/fs/exfat/dir.c
> +++ b/fs/exfat/dir.c
> @@ -28,16 +28,15 @@ static int exfat_extract_uni_name(struct exfat_dentry *ep,
>
> }
>
> -static void exfat_get_uniname_from_ext_entry(struct super_block *sb,
> - struct exfat_chain *p_dir, int entry, unsigned short *uniname)
> +static int exfat_get_uniname_from_name_entries(struct exfat_entry_set_cache *es,
> + struct exfat_uni_name *uniname)
> {
> - int i;
> - struct exfat_entry_set_cache *es;
> + int n, l, i;
> struct exfat_dentry *ep;
>
> - es = exfat_get_dentry_set(sb, p_dir, entry, ES_ALL_ENTRIES);
> - if (!es)
> - return;
> + uniname->name_len = es->de_stream->name_len;
> + if (uniname->name_len == 0)
> + return -EIO;
Can we validate ->name_len and name entry ->type in exfat_get_dentry_set() ?
>
> /*
> * First entry : file entry
> @@ -45,14 +44,15 @@ static void exfat_get_uniname_from_ext_entry(struct super_block *sb,
> * Third entry : first file-name entry
> * So, the index of first file-name dentry should start from 2.
> */
> -
> - i = 2;
> - while ((ep = exfat_get_validated_dentry(es, i++, TYPE_NAME))) {
> - exfat_extract_uni_name(ep, uniname);
> - uniname += EXFAT_FILE_NAME_LEN;
> + for (l = 0, n = 2; l < uniname->name_len; n++) {
> + ep = exfat_get_validated_dentry(es, n, TYPE_NAME);
> + if (!ep)
> + return -EIO;
> + for (i = 0; l < uniname->name_len && i < EXFAT_FILE_NAME_LEN; i++, l++)
> + uniname->name[l] = le16_to_cpu(ep->dentry.name.unicode_0_14[i]);
> }
> -
> - exfat_free_dentry_set(es, false);
> + uniname->name[l] = 0;
> + return 0;
> }
Powered by blists - more mailing lists