Re: e2fsprogs: Avoid infinite loop in ext2fs_find_block_device()

Niu <niu@xxxxxxxxxxxxx> · Fri, 04 Nov 2011 20:50:38 +0800

>From 81bfd58b3980f940c23f87f891365a289df776ec Mon Sep 17 00:00:00 2001
From: Niu Yawei <niu@xxxxxxxxxxxxx>
Date: Wed, 2 Nov 2011 04:31:11 +0800
Subject: [PATCH] e2fsprogs: maximum nested link count

Define EXT2FS_MAX_NESTED_LINKS as 8, and check the link count
not exceeding it in ext2fs_find_block_device() and follow_link().

Signed-off-by: Niu Yawei <niu@xxxxxxxxxxxxx>
---
 lib/ext2fs/ext2fsP.h |    2 ++
 lib/ext2fs/finddev.c |    5 +++++
 lib/ext2fs/namei.c   |    3 ++-
 3 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/lib/ext2fs/ext2fsP.h b/lib/ext2fs/ext2fsP.h
index b182d7f..82e1ba0 100644
--- a/lib/ext2fs/ext2fsP.h
+++ b/lib/ext2fs/ext2fsP.h
@@ -11,6 +11,8 @@
 
 #include "ext2fs.h"
 
+#define EXT2FS_MAX_NESTED_LINKS  8
+
 /*
  * Badblocks list
  */
diff --git a/lib/ext2fs/finddev.c b/lib/ext2fs/finddev.c
index 13ef14b..311608d 100644
--- a/lib/ext2fs/finddev.c
+++ b/lib/ext2fs/finddev.c
@@ -34,6 +34,7 @@
 
 #include "ext2_fs.h"
 #include "ext2fs.h"
+#include "ext2fsP.h"
 
 struct dir_list {
 	char	*name;
@@ -128,6 +129,7 @@ char *ext2fs_find_block_device(dev_t device)
 	struct dir_list *list = 0, *new_list = 0;
 	struct dir_list *current;
 	char	*ret_path = 0;
+	int    level = 0;
 
 	/*
 	 * Add the starting directories to search...
@@ -154,6 +156,9 @@ char *ext2fs_find_block_device(dev_t device)
 		if (list == 0) {
 			list = new_list;
 			new_list = 0;
+			/* Avoid infinite loop */
+			if (++level >= EXT2FS_MAX_NESTED_LINKS)
+				break;
 		}
 	}
 	free_dirlist(&list);
diff --git a/lib/ext2fs/namei.c b/lib/ext2fs/namei.c
index 6bbb124..a936474 100644
--- a/lib/ext2fs/namei.c
+++ b/lib/ext2fs/namei.c
@@ -20,6 +20,7 @@
 
 #include "ext2_fs.h"
 #include "ext2fs.h"
+#include "ext2fsP.h"
 
 static errcode_t open_namei(ext2_filsys fs, ext2_ino_t root, ext2_ino_t base,
 			    const char *pathname, size_t pathlen, int follow,
@@ -45,7 +46,7 @@ static errcode_t follow_link(ext2_filsys fs, ext2_ino_t root, ext2_ino_t dir,
 		*res_inode = inode;
 		return 0;
 	}
-	if (link_count++ > 5) {
+	if (link_count++ >= EXT2FS_MAX_NESTED_LINKS) {
 		return EXT2_ET_SYMLINK_LOOP;
 	}
 	/* FIXME-64: Actually, this is FIXME EXTENTS */
-- 
1.7.1



> On Nov 3, 2011, at 10:47 AM, Eric Sandeen wrote:
>
>> My only concern would be that depth 5 isn't totally unreasonable in real life, and this causes it to silently stop searching, right?
>> Would there be much harm in making the limit much higher, to be fairly sure that it has wandered off into the weeds?
> Agreed, the kernel currently uses a limit of 8.  And we should use a #define for this in lib/ext2fs/ext2fsP.h, and use it for both finddev.c and lib/ext2fs/namei.c.
>
> -- Ted
>

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





