linux/fs/xfs/libxfs
lei lu 0c7fcdb6d0 xfs: don't walk off the end of a directory data block
This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry
to make sure we don't stray beyond the valid memory region. Before patching, the
loop simply checks that the start offset of the dup and dep is within the
range. So in a crafted image, if the last entry is xfs_dir2_data_unused, we
can change dup->length to dup->length-1 and leave 1 byte of space. In the
next traversal, this space will be considered as dup or dep. We may
encounter an out-of-bounds read when accessing the fixed members.

In the patch, we make sure that the remaining bytes are large enough to hold
an unused entry before accessing xfs_dir2_data_unused and that
xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make
sure that the remaining bytes are large enough to hold a dirent with a
single-byte name before accessing xfs_dir2_data_entry.

Signed-off-by: lei lu <llfamsec@gmail.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
2024-07-01 09:32:29 +05:30
xfs_ag_resv.c xfs: split xfs_mod_freecounter 2024-04-22 18:00:47 +05:30
xfs_ag_resv.h xfs: split xfs_mod_freecounter 2024-04-22 18:00:47 +05:30
xfs_ag.c xfs: split xfs_mod_freecounter 2024-04-22 18:00:47 +05:30
xfs_ag.h xfs: hook live rmap operations during a repair operation 2024-02-22 12:43:40 -08:00
xfs_alloc_btree.c xfs: rename btree helpers that depends on the block number representation 2024-02-22 12:40:58 -08:00
xfs_alloc_btree.h xfs: split xfs_allocbt_init_cursor 2024-02-22 12:40:12 -08:00
xfs_alloc.c xfs: avoid redundant AGFL buffer invalidation 2024-07-01 09:32:29 +05:30
xfs_alloc.h xfs: avoid redundant AGFL buffer invalidation 2024-07-01 09:32:29 +05:30
xfs_attr_leaf.c xfs: don't remove the attr fork when parent pointers are enabled 2024-04-23 07:47:00 -07:00
xfs_attr_leaf.h xfs: validate attr leaf buffer owners 2024-04-15 14:58:51 -07:00
xfs_attr_remote.c xfs: minor cleanups of xfs_attr3_rmt_blocks 2024-05-02 07:48:37 -07:00
xfs_attr_remote.h xfs: create a helper to compute the blockcount of a max sized remote value 2024-05-02 07:48:36 -07:00
xfs_attr_sf.h xfs: pass the attr value to put_listent when possible 2024-04-23 07:47:00 -07:00
xfs_attr.c xfs: fix xfs_init_attr_trans not handling explicit operation codes 2024-05-27 15:55:52 +05:30
xfs_attr.h xfs: fix xfs_init_attr_trans not handling explicit operation codes 2024-05-27 15:55:52 +05:30
xfs_bit.c xfs: fix missing header includes 2019-11-07 13:00:53 -08:00
xfs_bit.h xfs: Use the correct style for SPDX License Identifier 2020-05-13 15:32:45 -07:00
xfs_bmap_btree.c xfs: rename btree helpers that depends on the block number representation 2024-02-22 12:40:58 -08:00
xfs_bmap_btree.h xfs: remove xfs_bmbt_stage_cursor 2024-02-22 12:39:45 -08:00
xfs_bmap.c xfs: restrict when we try to align cow fork delalloc to cowextsz hints 2024-06-26 14:29:24 +05:30
xfs_bmap.h xfs: xfs_quota_unreserve_blkres can't fail 2024-05-03 11:15:03 +05:30
xfs_btree_mem.c xfs: launder in-memory btree buffers before transaction commit 2024-02-22 12:43:36 -08:00
xfs_btree_mem.h xfs: launder in-memory btree buffers before transaction commit 2024-02-22 12:43:36 -08:00
xfs_btree_staging.c xfs: xfs_btree_bload_prep_block() should use __GFP_NOFAIL 2024-02-28 14:04:30 +05:30
xfs_btree_staging.h xfs: don't override bc_ops for staging btrees 2024-02-22 12:37:35 -08:00
xfs_btree.c xfs: support in-memory btrees 2024-02-22 12:43:35 -08:00
xfs_btree.h xfs: support in-memory btrees 2024-02-22 12:43:35 -08:00
xfs_cksum.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfs_da_btree.c xfs: fix error returns from xfs_bmapi_write 2024-04-30 09:45:18 +05:30
xfs_da_btree.h xfs: create attr log item opcodes and formats for parent pointers 2024-04-23 07:46:57 -07:00
xfs_da_format.h xfs: turn XFS_ATTR3_RMT_BUF_SPACE into a function 2024-05-02 07:48:36 -07:00
xfs_defer.c xfs: Increase XFS_DEFER_OPS_NR_INODES to 5 2024-04-15 14:59:01 -07:00
xfs_defer.h xfs: Increase XFS_DEFER_OPS_NR_INODES to 5 2024-04-15 14:59:01 -07:00
xfs_dir2_block.c xfs: validate explicit directory block buffer owners 2024-04-15 14:58:52 -07:00
xfs_dir2_data.c xfs: don't walk off the end of a directory data block 2024-07-01 09:32:29 +05:30
xfs_dir2_leaf.c xfs: validate explicit directory free block owners 2024-04-15 14:58:52 -07:00
xfs_dir2_node.c xfs: validate explicit directory free block owners 2024-04-15 14:58:52 -07:00
xfs_dir2_priv.h xfs: don't walk off the end of a directory data block 2024-07-01 09:32:29 +05:30
xfs_dir2_sf.c xfs: convert remaining kmem_free() to kfree() 2024-02-13 18:07:34 +05:30
xfs_dir2.c xfs: refactor dir format helpers 2024-04-26 11:21:46 +05:30
xfs_dir2.h xfs: refactor dir format helpers 2024-04-26 11:21:46 +05:30
xfs_dquot_buf.c xfs: remove the xfs_dqblk_t typedef 2021-10-14 09:19:33 -07:00
xfs_errortag.h xfs: add error injection to test file mapping exchange recovery 2024-04-15 14:54:19 -07:00
xfs_exchmaps.c xfs: refactor dir format helpers 2024-04-26 11:21:46 +05:30
xfs_exchmaps.h xfs: use atomic extent swapping to fix user file fork data 2024-04-15 14:58:53 -07:00
xfs_format.h xfs: enable parent pointers 2024-04-23 07:47:01 -07:00
xfs_fs.h xfs: fix direction in XFS_IOC_EXCHANGE_RANGE 2024-06-26 14:29:25 +05:30
xfs_health.h xfs: report directory tree corruption in the health information 2024-04-23 16:55:17 -07:00
xfs_ialloc_btree.c xfs: pass xfs_buf lookup flags to xfs_*read_agi 2024-04-15 14:54:03 -07:00
xfs_ialloc_btree.h xfs: split xfs_inobt_init_cursor 2024-02-22 12:40:49 -08:00
xfs_ialloc.c xfs: try to avoid allocating from sick inode clusters 2024-04-15 14:58:59 -07:00
xfs_ialloc.h xfs: pass xfs_buf lookup flags to xfs_*read_agi 2024-04-15 14:54:03 -07:00
xfs_iext_tree.c xfs: use __GFP_NOLOCKDEP instead of GFP_NOFS 2024-02-13 18:07:34 +05:30
xfs_inode_buf.c xfs: allow unlinked symlinks and dirs with zero size 2024-06-26 14:29:25 +05:30
xfs_inode_buf.h xfs: kill xfs_sb_version_has_v3inode() 2021-08-19 10:07:14 -07:00
xfs_inode_fork.c xfs: simplify iext overflow checking and upgrade 2024-05-03 11:20:06 +05:30
xfs_inode_fork.h xfs: simplify iext overflow checking and upgrade 2024-05-03 11:20:06 +05:30
xfs_log_format.h xfs: record inode generation in xattr update log intent items 2024-04-23 07:46:57 -07:00
xfs_log_recover.h xfs: capture inode generation numbers in the ondisk exchmaps log item 2024-04-15 14:54:24 -07:00
xfs_log_rlimit.c xfs: drop compatibility minimum log size computations for reflink 2024-04-23 07:47:01 -07:00
xfs_ondisk.h xfs: add parent pointer ioctls 2024-04-23 07:47:00 -07:00
xfs_parent.c xfs: add raw parent pointer apis to support repair 2024-04-23 07:47:04 -07:00
xfs_parent.h xfs: add raw parent pointer apis to support repair 2024-04-23 07:47:04 -07:00
xfs_quota_defs.h xfs: remove warning counters from struct xfs_dquot_res 2022-05-11 17:12:09 +10:00
xfs_refcount_btree.c xfs: rename btree helpers that depends on the block number representation 2024-02-22 12:40:58 -08:00
xfs_refcount_btree.h xfs: remove xfs_refcountbt_stage_cursor 2024-02-22 12:39:40 -08:00
xfs_refcount.c xfs: split the per-btree union in struct xfs_btree_cur 2024-02-22 12:37:03 -08:00
xfs_refcount.h xfs: create a ranged query function for refcount btrees 2023-12-15 10:03:40 -08:00
xfs_rmap_btree.c xfs: create a shadow rmap btree during rmap repair 2024-02-22 12:43:39 -08:00
xfs_rmap_btree.h xfs: create a shadow rmap btree during rmap repair 2024-02-22 12:43:39 -08:00
xfs_rmap.c xfs: hook live rmap operations during a repair operation 2024-02-22 12:43:40 -08:00
xfs_rmap.h xfs: hook live rmap operations during a repair operation 2024-02-22 12:43:40 -08:00
xfs_rtbitmap.c xfs: refactor realtime inode locking 2024-04-22 18:00:47 +05:30
xfs_rtbitmap.h xfs: refactor realtime inode locking 2024-04-22 18:00:47 +05:30
xfs_sb.c xfs: make sure sb_fdblocks is non-negative 2024-06-10 11:38:12 +05:30
xfs_sb.h xfs: allow sunit mount option to repair bad primary sb stripe values 2024-03-25 10:17:18 +05:30
xfs_shared.h xfs: move RT inode locking out of __xfs_bunmapi 2024-04-22 18:00:47 +05:30
xfs_symlink_remote.c xfs: pass the owner to xfs_symlink_write_target 2024-04-15 14:58:57 -07:00
xfs_symlink_remote.h xfs: pass the owner to xfs_symlink_write_target 2024-04-15 14:58:57 -07:00
xfs_trans_inode.c xfs: Replace xfs_isilocked with xfs_assert_ilocked 2024-02-19 21:19:33 +05:30
xfs_trans_resv.c xfs: extend transaction reservations for parent attributes 2024-04-23 07:46:57 -07:00
xfs_trans_resv.h xfs: rename xfs_*alloc*_log_count to _block_count 2022-04-28 10:25:59 -07:00
xfs_trans_space.c xfs: Add parent pointers to rename 2024-04-23 07:46:59 -07:00
xfs_trans_space.h xfs: Add parent pointers to rename 2024-04-23 07:46:59 -07:00
xfs_types.c xfs: rename xfs_verify_rtext to xfs_verify_rtbext 2023-10-17 16:24:22 -07:00
xfs_types.h xfs: remove xfs_btnum_t 2024-02-22 12:40:51 -08:00