René Scharfe <l.s.r@xxxxxx> writes: > We could be more strict and reject everything that oversteps > S_IFMT|ALLPERMS, but the latter is not defined everywhere. But > permission bits are well-known, so the magic number 07777 should be > recognizable enough. Like this? I do not quite see the reason why we want to be more strict than we already are at this point in the code path. Stricter mode check in reports FSCK_MSG_ZERO_PADDED_FILEMODE and FSCK_MSG_BAD_FILEMODE from "fsck", which I think is probably sufficient. Avoiding integer wraparound is a good idea, even if it were impossible to induce misparsing of the tree data to lead to any security issues, for the same reason why we check for zero padded filemode, i.e. such a tree mode will allow the same tree object to be given different object names. Thanks.
