From 436c9802037e5fe57b3d805cc8b1802136072bb4 Mon Sep 17 00:00:00 2001 From: Niu Yawei Date: Mon, 16 Jan 2012 01:01:10 -0800 Subject: [PATCH] LU-997 libext2fs: enforce a max nested link count Port the 'max nested link count' fix from upstream e2fsprogs: Define EXT2FS_MAX_NESTED_LINKS as 8, and check the link count to make sure we don't exceed it in ext2fs_find_block_device() and follow_link(). This fixes a potential infinite loop in ext2fs_find_block_device() if there are symbolic loop links in the device directory. Signed-off-by: Niu Yawei Change-Id: I30940cccfbbc8df8f3b31abed5a7038fb08c1ff6 --- patches/e2fsprogs-max-linkcount-fix.patch | 82 +++++++++++++++++++++++++++++++ patches/series | 1 + 2 files changed, 83 insertions(+) create mode 100644 patches/e2fsprogs-max-linkcount-fix.patch diff --git a/patches/e2fsprogs-max-linkcount-fix.patch b/patches/e2fsprogs-max-linkcount-fix.patch new file mode 100644 index 0000000..c241025 --- /dev/null +++ b/patches/e2fsprogs-max-linkcount-fix.patch @@ -0,0 +1,82 @@ +commit 08ae93a2eda03817deabf08d4da9015a283ed56b +Author: Niu Yawei +Date: Sat Nov 19 23:08:03 2011 -0500 + + libext2fs: enforce a max nested link count in ext2fs_find_block_device() + + Define EXT2FS_MAX_NESTED_LINKS as 8, and check the link count to make + sure we don't exceed it in ext2fs_find_block_device() and + follow_link(). This fixes a potential infinite loop in + ext2fs_find_block_device() if there are symbolic loop links in the + device directory. + + Signed-off-by: Niu Yawei + Signed-off-by: Theodore Ts'o + +diff --git a/lib/ext2fs/ext2fsP.h b/lib/ext2fs/ext2fsP.h +index b182d7f..82e1ba0 100644 +--- a/lib/ext2fs/ext2fsP.h ++++ b/lib/ext2fs/ext2fsP.h +@@ -11,6 +11,8 @@ + + #include "ext2fs.h" + ++#define EXT2FS_MAX_NESTED_LINKS 8 ++ + /* + * Badblocks list + */ +diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c +index 13ef14b..311608d 100644 +--- a/lib/ext2fs/finddev.c ++++ b/lib/ext2fs/finddev.c +@@ -34,6 +34,7 @@ + + #include "ext2_fs.h" + #include "ext2fs.h" ++#include "ext2fsP.h" + + struct dir_list { + char *name; +@@ -128,6 +129,7 @@ char *ext2fs_find_block_device(dev_t device) + struct dir_list *list = 0, *new_list = 0; + struct dir_list *current; + char *ret_path = 0; ++ int level = 0; + + /* + * Add the starting directories to search... +@@ -154,6 +156,9 @@ char *ext2fs_find_block_device(dev_t device) + if (list == 0) { + list = new_list; + new_list = 0; ++ /* Avoid infinite loop */ ++ if (++level >= EXT2FS_MAX_NESTED_LINKS) ++ break; + } + } + free_dirlist(&list); +diff --git a/lib/ext2fs/namei.c b/lib/ext2fs/namei.c +index 6bbb124..efcc02b 100644 +--- a/lib/ext2fs/namei.c ++++ b/lib/ext2fs/namei.c +@@ -20,6 +20,7 @@ + + #include "ext2_fs.h" + #include "ext2fs.h" ++#include "ext2fsP.h" + + static errcode_t open_namei(ext2_filsys fs, ext2_ino_t root, ext2_ino_t base, + const char *pathname, size_t pathlen, int follow, +@@ -45,9 +46,9 @@ static errcode_t follow_link(ext2_filsys fs, ext2_ino_t root, ext2_ino_t dir, + *res_inode = inode; + return 0; + } +- if (link_count++ > 5) { ++ if (link_count++ >= EXT2FS_MAX_NESTED_LINKS) + return EXT2_ET_SYMLINK_LOOP; +- } ++ + /* FIXME-64: Actually, this is FIXME EXTENTS */ + if (ext2fs_inode_data_blocks(fs,&ei)) { + retval = ext2fs_get_mem(fs->blocksize, &buffer); diff --git a/patches/series b/patches/series index 0061958..da640ad 100644 --- a/patches/series +++ b/patches/series @@ -76,6 +76,7 @@ e2fsprogs-e2scan.patch e2fsprogs-tests-s_basic_scan.patch e2fsprogs-data_in_dirent.patch e2fsprogs-tests-f_data_in_dirent.patch +e2fsprogs-max-linkcount-fix.patch e2fsprogs-rpm_RHEL-6.patch e2fsprogs-1.40.4-sb_feature_check_ignore.patch e2fsprogs-rpm_SLES-11.patch -- 1.8.3.1