diff options
author | iedowse <iedowse@FreeBSD.org> | 2001-02-04 01:52:11 +0000 |
---|---|---|
committer | iedowse <iedowse@FreeBSD.org> | 2001-02-04 01:52:11 +0000 |
commit | be2876f24f2c685bf1d2fc62bb16195a46d3a0ad (patch) | |
tree | a95ffc2d21a6b9849b2ff8c73e71829d4d0ed2f0 /sys | |
parent | 62f9307582193e143fe23fdb9866da7efdf2716b (diff) | |
download | FreeBSD-src-be2876f24f2c685bf1d2fc62bb16195a46d3a0ad.zip FreeBSD-src-be2876f24f2c685bf1d2fc62bb16195a46d3a0ad.tar.gz |
Extend the sanity checks in ufs_lookup to ensure that each directory
entry fits within its DIRBLKSIZ block. The surrounding code is
extremely fragile with respect to corruption of the directory entry
'd_reclen' field; if directory corruption occurs, it can blindly
scan forward beyond the end of the filesystem block. Usually this
results in a 'fault on nofault entry' panic.
Directory corruption is now much more likely to be detected, resulting
in a 'ufs_dirbad' panic. If the filesystem is read-only, it will
simply print a warning message, and skip the corrupted block.
Reviewed by: mckusick
Diffstat (limited to 'sys')
-rw-r--r-- | sys/ufs/ufs/ufs_lookup.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/ufs/ufs/ufs_lookup.c b/sys/ufs/ufs/ufs_lookup.c index a403e68..1b6f805 100644 --- a/sys/ufs/ufs/ufs_lookup.c +++ b/sys/ufs/ufs/ufs_lookup.c @@ -242,7 +242,8 @@ searchloop: * "dirchk" to be true. */ ep = (struct direct *)((char *)bp->b_data + entryoffsetinblock); - if (ep->d_reclen == 0 || + if (ep->d_reclen == 0 || ep->d_reclen > + DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1)) || (dirchk && ufs_dirbadentry(vdp, ep, entryoffsetinblock))) { int i; |