It's possible with a fuzzed filesystem for JFS to keep getblk()-ing
the same data over and over again, leading to stack exhaustion.
Check if we'd be calling the function with exactly the same data as
was passed in, and if so abort.
I'm not sure what the performance impact of this is and am open to
better ideas.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
getblk() implicitly trusts that treehead->count is an accurate count of
the number of extents. However, that value is read from disk and is not
trustworthy, leading to OOB reads and crashes. I am not sure to what
extent the data read from OOB can influence subsequent program execution.
Require callers to pass in the maximum number of extents for which
they have storage.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Fuzzing JFS revealed crashes where a negative number would be passed
to le_to_cpu16_copy(). There it would be cast to a large positive number
and the copy would read and write off the end of the respective buffers.
Catch this at the top as well as the bottom of the loop.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Disable the -Wadress-of-packaed-member diagnostic for the
grub_jfs_getent function since the result is found to be false postive.
The leaf is read into memory as continous chunks in size of 32 bytes and
the pointer to its base is aligned, which also guarentee its member
leaf->namepart is aligned.
[ 60s] ../grub-core/fs/jfs.c: In function 'grub_jfs_getent':
[ 60s] ../grub-core/fs/jfs.c:557:44: error: taking address of packed member of 'struct grub_jfs_leaf_dirent' may result in an unaligned pointer value [-Werror=address-of-packed-member]
[ 60s] 557 | le_to_cpu16_copy (filename + strpos, leaf->namepart, len < diro->data->namecomponentlen ? len
[ 60s] | ~~~~^~~~~~~~~~
[ 60s] ../grub-core/fs/jfs.c:570:48: error: taking address of packed member of 'struct grub_jfs_leaf_next_dirent' may result in an unaligned pointer value [-Werror=address-of-packed-member]
[ 60s] 570 | le_to_cpu16_copy (filename + strpos, next_leaf->namepart, len < 15 ? len : 15);
[ 60s] | ~~~~~~~~~^~~~~~~~~~
[ 60s] cc1: all warnings being treated as errors
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
We have only 92K of stack and using over 4K per frame is wasteful
* grub-core/fs/jfs.c (getblk): Allocate on heap rather than on
stack. Note: this function is recursive.
(grub_jfs_read_inode): Read only part we care about.
strncpy.
* grub-core/fs/jfs.c (grub_jfs_lookup_symlink): Likewise.
* grub-core/kern/misc.c (grub_strncpy): Move from here ...
* include/grub/misc.h (grub_strncpy): ... to here. Make inline.
* grub-core/net/net.c (grub_net_addr_to_str): Use COMPILE_TIME_ASSERT
+ strcpy rather than strncpy.
* grub-core/fs/jfs.c (grub_jfs_sblock): New field flags.
(grub_jfs_data): New field namecomponentlen.
(grub_jfs_mount): Fill namecomponentlen.
(grub_jfs_getent): Use namecomponentlen rather than hardcoded 11.
* grub-core/fs/affs.c (grub_affs_time): New struct.
(grub_affs_file): New field mtime.
(grub_fshelp_node): Changed 'block' and 'parent' to more appropriate
type. Removed 'size'. New field 'di'. All users updated.
(grub_affs_mount): Simplify checsum checking.
(grub_affs_iterate_dir): New helper grub_affs_create_node.
(grub_affs_dir): Handle mtime.
* grub-core/fs/cpio.c (grub_cpio_find_file): Handle mtime.
(grub_cpio_dir): Likewise.
* grub-core/fs/hfs.c (grub_hfs_dirrec): New fields 'ctime' and 'mtime'.
(grub_hfs_filerec): New field mtime.
(grub_hfs_dir): Handle mtime.
(grub_hfs_mtime): New function.
(grub_hfs_fs): Register grub_hfs_mtime.
* grub-core/fs/iso9660.c (grub_iso9660_date2): New struct.
(grub_iso9660_dir): New field mtime.
(grub_fshelp_node): New field dirent.
(iso9660_to_unixtime): New function.
(iso9660_to_unixtime2): Likewise.
(grub_iso9660_read_symlink): Use node->dirent.
(grub_iso9660_iterate_dir): Likewise.
(grub_iso9660_dir): Set mtime.
(grub_iso9660_mtime): New function.
(grub_iso9660_fs): Register grub_iso9660_mtime.
* grub-core/fs/jfs.c (grub_jfs_time): New struct.
(grub_jfs_inode): New fields atime, ctime and mtime.
(grub_jfs_dir): Set mtime.
* grub-core/fs/minix.c (grub_minix_dir): Likewise.
* grub-core/fs/ntfs.c (list_file): Set mtime.
(grub_ntfs_dir): Likewise.
* grub-core/fs/reiserfs.c (grub_fshelp_node): New field 'mtime'.
(grub_reiserfs_iterate_dir): Set mtime.
(grub_reiserfs_dir): Likewise.
* grub-core/fs/sfs.c (grub_sfs_obj): New field mtime.
(grub_fshelp_node): Likewise.
(grub_sfs_iterate_dir): Set mtime.
(grub_sfs_dir): Likewise.
* grub-core/fs/udf.c (grub_udf_dir): Set mtime.
* grub-core/fs/xfs.c (grub_xfs_time): New struct.
(grub_xfs_inode): New fields atime, mtime, ctime.
(grub_xfs_dir): Set mtime.
* include/grub/datetime.h (grub_datetime2unixtime): New function.
* include/grub/hfs.h (grub_hfs_sblock): New fields ctime and mtime.
* include/grub/ntfs.h (grub_fshelp_node): New field mtime.
Support UDF symlinks.
* grub-core/fs/udf.c (grub_udf_iterate_dir): Handle symlinks.
(grub_ufs_read_symlink): New function. All users updated.
Check amiga partmap checksum.
* grub-core/partmap/amiga.c (grub_amiga_rdsk): Pad to 128 bytes.
(grub_amiga_partition): Likewise.
(amiga_partition_map_checksum): New function.
(amiga_partition_map_iterate): Check checksum.
memory corruptions.
* grub-core/fs/jfs.c (struct grub_jfs_diropen): Interpret bytes as
unsigned.
(grub_jfs_lookup_symlink): Make ino a grub_uint32_t rather than int.
(grub_jfs_blkno): Use 64-bit quantities for block sectors.
(grub_jfs_read_inode): Likewise.
(grub_jfs_opendir): Likewise. Remove now useless casts.
(grub_jfs_getent): Likewise.
Make ino a grub_uint32_t rather than int.
(grub_jfs_mount): Ensure that blksize and log2_blksize are consistent.
(grub_jfs_read_file): Use 64-bit quantities when necessary. Replace
division and module with bit operations.
(grub_jfs_find_file): Make ino a grub_uint32_t.
(grub_jfs_lookup_symlink): Likewise. Use 64-bit quantities
