加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
backport-fs-iso9660-Add-check-to-prevent-infinite-loop.patch 1.90 KB
一键复制 编辑 原始数据 按行查看 历史
zhangqiumiao 提交于 2023-04-10 22:22 . backport some patches from upstream
From 4e0bab34ece7b757a1b96be59ba54a009a5cc354 Mon Sep 17 00:00:00 2001
From: Lidong Chen <lidong.chen@oracle.com>
Date: Fri, 20 Jan 2023 19:39:38 +0000
Subject: fs/iso9660: Add check to prevent infinite loop
There is no check for the end of block when reading
directory extents. It resulted in read_node() always
read from the same offset in the while loop, thus
caused infinite loop. The fix added a check for the
end of the block and ensure the read is within directory
boundary.
Reference:https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4e0bab34ece7b757a1b96be59ba54a009a5cc354
Conflict:NA
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Thomas Schmitt <scdbackup@gmx.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/iso9660.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index df9f778..24d84a5 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -801,6 +801,16 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
while (dirent.flags & FLAG_MORE_EXTENTS)
{
offset += dirent.len;
+
+ /* offset should within the dir's len. */
+ if (offset > len)
+ {
+ if (ctx.filename_alloc)
+ grub_free (ctx.filename);
+ grub_free (node);
+ return 0;
+ }
+
if (read_node (dir, offset, sizeof (dirent), (char *) &dirent))
{
if (ctx.filename_alloc)
@@ -808,6 +818,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
grub_free (node);
return 0;
}
+
+ /*
+ * It is either the end of block or zero-padded sector,
+ * skip to the next block.
+ */
+ if (!dirent.len)
+ {
+ offset = (offset / GRUB_ISO9660_BLKSZ + 1) * GRUB_ISO9660_BLKSZ;
+ dirent.flags |= FLAG_MORE_EXTENTS;
+ continue;
+ }
+
if (node->have_dirents >= node->alloc_dirents)
{
struct grub_fshelp_node *new_node;
--
cgit v1.1
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化