Re: [PATCH v4] fs: introduce is_dot_or_dotdot helper for cleanup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Tue, Dec 10, 2019 at 11:19:13AM -0800, Eric Biggers wrote:
> > +static inline bool is_dot_or_dotdot(const unsigned char *name, size_t len)
> > +{
> > +	if (unlikely(name[0] == '.')) {
> > +		if (len < 2 || (len == 2 && name[1] == '.'))
> > +			return true;
> > +	}
> > +
> > +	return false;
> > +}
> This doesn't handle the len=0 case.  Did you check that none of the users pass
> in zero-length names?  It looks like fscrypt_fname_disk_to_usr() can, if the
> directory entry on-disk has a zero-length name.  Currently it will return
> -EUCLEAN in that case, but with this patch it may think it's the name ".".

Trying to wrench this back on track ...

fscrypt_fname_disk_to_usr is called by:

       if (cstr.len == 0)
                return ERR_PTR(-EUCLEAN);
	Does not currently check de->name_len.  I believe this check should
	be added to __ext4_check_dir_entry() because a zero-length directory
	entry can affect both encrypted and non-encrypted directory entries.
	Same as ext4_readdir().  Should probably call ext4_check_dir_entry()?
	Would be covered by a fix to ext4_check_dir_entry().
	if (de->name_len == 0) {
	Does not currently check de->name_len.  Also affects non-encrypted
	directory entries.

So of the six callers, two of them already check the dirent length for
being zero, and four of them ought to anyway, but don't.  I think they
should be fixed, but clearly we don't historically check for this kind
of data corruption (strangely), so I don't think that's a reason to hold
up this patch until the individual filesystems are fixed.

[Index of Archives]     [Linux Crypto]     [Device Mapper Crypto]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux