From ef4e0825eee3d720a2df762249f0e80bb5f3ef3b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Wed, 3 Apr 2024 17:30:37 -0400
Subject: [PATCH] libext2fs: always refuse to open a file system with a zero
 s_desc_size

Commit 42c11edd0863 ("ext2fs_open[2](), return an error if s_desc_size
is too large") added a check for an insanely large s_desc_size to
prevent some failures triggered by fuzz testing.  However, it would
allow e2fsck to fall back to recover the file system by using the
backup superblocks by having e2fsck pass the flag
EXT2_FLAG_IGNORE_SB_ERRORS.  But by allowing an s_desc_Size of zero,
it's possible that e2fsck will die with a division of zero error.
With this fix, e2fsck will now print an error message and exit
instead.

https://github.com/tytso/e2fsprogs/issues/183

Fixes: 42c11edd0863 ("ext2fs_open[2](), return an error if s_desc_size is too large")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 lib/ext2fs/openfs.c             |  11 ++++++-----
 tests/f_desc_size_zero/expect.1 |  13 +++++++++++++
 tests/f_desc_size_zero/image.gz | Bin 0 -> 589 bytes
 tests/f_desc_size_zero/name     |   1 +
 tests/f_desc_size_zero/script   |   2 ++
 5 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 tests/f_desc_size_zero/expect.1
 create mode 100644 tests/f_desc_size_zero/image.gz
 create mode 100644 tests/f_desc_size_zero/name
 create mode 100644 tests/f_desc_size_zero/script

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index fd56a9a..eb44d58 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -330,13 +330,14 @@ retry:
 	}
 
 	/* Enforce the block group descriptor size */
-	if (!(flags & EXT2_FLAG_IGNORE_SB_ERRORS) &&
-	    ext2fs_has_feature_64bit(fs->super)) {
+	if (ext2fs_has_feature_64bit(fs->super)) {
 		unsigned desc_size = fs->super->s_desc_size;
 
-		if ((desc_size < EXT2_MIN_DESC_SIZE_64BIT) ||
-		    (desc_size > EXT2_MAX_DESC_SIZE) ||
-		    (desc_size & (desc_size - 1)) != 0) {
+		if (desc_size == 0 ||
+		    (!(flags & EXT2_FLAG_IGNORE_SB_ERRORS) &&
+		     ((desc_size > EXT2_MAX_DESC_SIZE) ||
+		      (desc_size < EXT2_MIN_DESC_SIZE_64BIT) ||
+		      (desc_size & (desc_size - 1)) != 0))) {
 			retval = EXT2_ET_BAD_DESC_SIZE;
 			goto cleanup;
 		}
diff --git a/tests/f_desc_size_zero/expect.1 b/tests/f_desc_size_zero/expect.1
new file mode 100644
index 0000000..acb752a
--- /dev/null
+++ b/tests/f_desc_size_zero/expect.1
@@ -0,0 +1,13 @@
+../e2fsck/e2fsck: Block group descriptor size incorrect while trying to open test.img
+../e2fsck/e2fsck: Trying to load superblock despite errors...
+../e2fsck/e2fsck: Block group descriptor size incorrect while trying to open test.img
+
+The superblock could not be read or does not describe a valid ext2/ext3/ext4
+filesystem.  If the device is valid and it really contains an ext2/ext3/ext4
+filesystem (and not swap or ufs or something else), then the superblock
+is corrupt, and you might try running e2fsck with an alternate superblock:
+    e2fsck -b 8193 <device>
+ or
+    e2fsck -b 32768 <device>
+
+Exit status is 8
diff --git a/tests/f_desc_size_zero/image.gz b/tests/f_desc_size_zero/image.gz
new file mode 100644
index 0000000000000000000000000000000000000000..4e43c0c61e1d07a0729c667dade29aa3cf0d3a25
GIT binary patch
literal 589
zcmb2|=HTEJ<V#~>&dg0rPi1&}*FNJ)fDHSG=}-E+*0ZnWTk99Z?)Y%W!Uc;<3kBX>
zIOyuKL1xi5)~$;J=CTN~m=_ANsEfLk7f#SyG+SX?)1ns(luBQuocWun8TCKmXiW8d
z{y%#9C%NAXeX2cK6vN@L{MFekoz+QU%4<`%>^Xcb?d!I%<>{xk3S27r5`5)_`PGR0
zD4TU5@26jVw?>YytzePBq2p)EpPib{AM(y_*Ur~vnMF4J#cy}T?W+26W8Zf3Rq5+x
zZ%*2`vi|<OYx|x)|ETY(oui#1ZN6^v?-j54f9uYvukwC%>+qWk^QL=lyEEnLHn)G>
zig|Cn)9l~tx9v@~w>Eoe{qKfo%T`_AZtwF4T18%{6h4-<=+eHq>1N+!ucbfv{wuxg
z^Y@!)w|TRfrKw@sx|Xj>)z8lNemQ?%yLS5ja!=#`2Y#LVzi@r~^H*>6J6|)-o%a8r
zx_J2s`xEvG{~P`=f8s}CY%u%G&rmXL%jx_D3xj7eGBO~81%G|cPRZ{6y8qaoFLo{b
zha(qnxb(yG@&69z8y9}Onb-g7?lhOPhr?16Z0={*{SVpq_`ClT>wlZIfA+;!%O3i&
zb4{SGNZp?Qi?03s{{2_o=K3Ax_dm<m%zOW1{kG@U|6Uvvkh}7H{wuG~{xWQJhX22$
egvLDm;Vf=bj_d}~*$v-5@=i>gvxi{<BLe_HY!tEp

literal 0
HcmV?d00001

diff --git a/tests/f_desc_size_zero/name b/tests/f_desc_size_zero/name
new file mode 100644
index 0000000..e77bb11
--- /dev/null
+++ b/tests/f_desc_size_zero/name
@@ -0,0 +1 @@
+zero s_desc_size
diff --git a/tests/f_desc_size_zero/script b/tests/f_desc_size_zero/script
new file mode 100644
index 0000000..8ab2b9c
--- /dev/null
+++ b/tests/f_desc_size_zero/script
@@ -0,0 +1,2 @@
+ONE_PASS_ONLY="true"
+. $cmd_dir/run_e2fsck
-- 
1.8.3.1