From: Theodore Ts'o <tytso@mit.edu>
Date: Sun, 14 Aug 2022 03:32:42 +0000 (-0400)
Subject: libext2fs: return an error when byte swapping a corrupted dirblock block
X-Git-Tag: v1.46.6-rc1~15
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=b84eee32d54b20679b27cdff231cd72619e4cc44;p=tools%2Fe2fsprogs.git

libext2fs: return an error when byte swapping a corrupted dirblock block

Except for e2fsck (where we want to expose the corrupted directory
entries to e2fsck mostly so that the e2fsck output stays the same on
big-endian machines compared to little-endian machines, so we don't
break our regression tests), if the directory block is corrupted, and
ext2fs_dirent_swab_in[2](), trips across this, return an error.  This
will make sure that naive users of libextfs will not try to handle a
corrupted directory block.  This prevents potential buffer overruns in
the byte swapping code paths.

This commit does not cause any functional change on little-endian
systems.

Addresses-Coverity-Bug: 1433408
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---

diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c
index 3b473af..b86fe03 100644
--- a/e2fsck/pass2.c
+++ b/e2fsck/pass2.c
@@ -150,6 +150,7 @@ void e2fsck_pass2(e2fsck_t ctx)
 	mtrace_print("Pass 2");
 #endif
 
+	fs->flags |= EXT2_FLAG_IGNORE_SWAP_DIRENT;
 	if (!(ctx->options & E2F_OPT_PREEN))
 		fix_problem(ctx, PR_2_PASS_HEADER, &cd.pctx);
 
@@ -317,6 +318,7 @@ void e2fsck_pass2(e2fsck_t ctx)
 	print_resource_track(ctx, _("Pass 2"), &rtrack, fs->io);
 cleanup:
 	ext2fs_free_mem(&buf);
+	fs->flags &= ~EXT2_FLAG_IGNORE_SWAP_DIRENT;
 }
 
 #define MAX_DEPTH 32000
diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h
index 0ac3e45..1e84074 100644
--- a/lib/ext2fs/ext2fs.h
+++ b/lib/ext2fs/ext2fs.h
@@ -219,6 +219,7 @@ typedef struct ext2_file *ext2_file_t;
 #define EXT2_FLAG_BBITMAP_TAIL_PROBLEM	0x1000000
 #define EXT2_FLAG_IBITMAP_TAIL_PROBLEM	0x2000000
 #define EXT2_FLAG_THREADS		0x4000000
+#define EXT2_FLAG_IGNORE_SWAP_DIRENT	0x8000000
 
 /*
  * Special flag in the ext2 inode i_flag field that means that this is
diff --git a/lib/ext2fs/swapfs.c b/lib/ext2fs/swapfs.c
index cd160b3..5e6b22f 100644
--- a/lib/ext2fs/swapfs.c
+++ b/lib/ext2fs/swapfs.c
@@ -434,11 +434,14 @@ errcode_t ext2fs_dirent_swab_in2(ext2_filsys fs, char *buf,
 			return retval;
 		if ((rec_len < 8) || (rec_len % 4)) {
 			rec_len = 8;
-			retval = EXT2_ET_DIR_CORRUPTED;
+			if (!(fs->flags & EXT2_FLAG_IGNORE_SWAP_DIRENT))
+				return EXT2_ET_DIR_CORRUPTED;
 		} else if (((name_len & 0xFF) + 8) > rec_len)
-			retval = EXT2_ET_DIR_CORRUPTED;
+			if (!(fs->flags & EXT2_FLAG_IGNORE_SWAP_DIRENT))
+				return EXT2_ET_DIR_CORRUPTED;
 		if (rec_len > left)
-			return EXT2_ET_DIR_CORRUPTED;
+			if (!(fs->flags & EXT2_FLAG_IGNORE_SWAP_DIRENT))
+				return EXT2_ET_DIR_CORRUPTED;
 		left -= rec_len;
 		p += rec_len;
 	}