99 lines
3.4 KiB
Diff
99 lines
3.4 KiB
Diff
From 05fe97fcc7fb34110fb2ddd338cedc7477e41300 Mon Sep 17 00:00:00 2001
|
|
From: renxudong <renxudong1@huawei.com>
|
|
Date: Sun, 11 Aug 2019 01:04:50 -0400
|
|
Subject: [PATCH 3/8] unsquashfs-Be-more-explicit-when-file-system-corrupt
|
|
|
|
---
|
|
squashfs-tools/unsquash-1.c | 8 ++++++--
|
|
squashfs-tools/unsquash-3.c | 8 ++++++--
|
|
squashfs-tools/unsquash-4.c | 8 ++++++--
|
|
3 files changed, 18 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
|
|
index 1cbf1b1..41888fb 100644
|
|
--- a/squashfs-tools/unsquash-1.c
|
|
+++ b/squashfs-tools/unsquash-1.c
|
|
@@ -264,8 +264,10 @@ struct dir *squashfs_opendir_1(unsigned int block_start, unsigned int offset,
|
|
bytes += sizeof(dirh);
|
|
|
|
/* dir_count should never be larger than SQUASHFS_DIR_COUNT */
|
|
- if(dir_count > SQUASHFS_DIR_COUNT)
|
|
+ if(dir_count > SQUASHFS_DIR_COUNT) {
|
|
+ ERROR("File system corrupted: too many entries in directory\n");
|
|
goto corrupted;
|
|
+ }
|
|
|
|
while(dir_count--) {
|
|
if(swap) {
|
|
@@ -279,8 +281,10 @@ struct dir *squashfs_opendir_1(unsigned int block_start, unsigned int offset,
|
|
bytes += sizeof(*dire);
|
|
|
|
/* size should never be SQUASHFS_NAME_LEN or larger */
|
|
- if(dire->size >= SQUASHFS_NAME_LEN)
|
|
+ if(dire->size >= SQUASHFS_NAME_LEN) {
|
|
+ ERROR("File system corrupted: filename too long\n");
|
|
goto corrupted;
|
|
+ }
|
|
|
|
memcpy(dire->name, directory_table + bytes,
|
|
dire->size + 1);
|
|
diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
|
|
index dc530bb..ac04a6a 100644
|
|
--- a/squashfs-tools/unsquash-3.c
|
|
+++ b/squashfs-tools/unsquash-3.c
|
|
@@ -342,8 +342,10 @@ struct dir *squashfs_opendir_3(unsigned int block_start, unsigned int offset,
|
|
bytes += sizeof(dirh);
|
|
|
|
/* dir_count should never be larger than SQUASHFS_DIR_COUNT */
|
|
- if(dir_count > SQUASHFS_DIR_COUNT)
|
|
+ if(dir_count > SQUASHFS_DIR_COUNT) {
|
|
+ ERROR("File system corrupted: too many entries in directory\n");
|
|
goto corrupted;
|
|
+ }
|
|
|
|
while(dir_count--) {
|
|
if(swap) {
|
|
@@ -357,8 +359,10 @@ struct dir *squashfs_opendir_3(unsigned int block_start, unsigned int offset,
|
|
bytes += sizeof(*dire);
|
|
|
|
/* size should never be SQUASHFS_NAME_LEN or larger */
|
|
- if(dire->size >= SQUASHFS_NAME_LEN)
|
|
+ if(dire->size >= SQUASHFS_NAME_LEN) {
|
|
+ ERROR("File system corrupted: filename too long\n");
|
|
goto corrupted;
|
|
+ }
|
|
|
|
memcpy(dire->name, directory_table + bytes,
|
|
dire->size + 1);
|
|
diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
|
|
index 58eb17d..05b0c5d 100644
|
|
--- a/squashfs-tools/unsquash-4.c
|
|
+++ b/squashfs-tools/unsquash-4.c
|
|
@@ -311,8 +311,10 @@ struct dir *squashfs_opendir_4(unsigned int block_start, unsigned int offset,
|
|
bytes += sizeof(dirh);
|
|
|
|
/* dir_count should never be larger than SQUASHFS_DIR_COUNT */
|
|
- if(dir_count > SQUASHFS_DIR_COUNT)
|
|
+ if(dir_count > SQUASHFS_DIR_COUNT) {
|
|
+ ERROR("File system corrupted: too many entries in directory\n");
|
|
goto corrupted;
|
|
+ }
|
|
|
|
while(dir_count--) {
|
|
SQUASHFS_SWAP_DIR_ENTRY(directory_table + bytes, dire);
|
|
@@ -320,8 +322,10 @@ struct dir *squashfs_opendir_4(unsigned int block_start, unsigned int offset,
|
|
bytes += sizeof(*dire);
|
|
|
|
/* size should never be SQUASHFS_NAME_LEN or larger */
|
|
- if(dire->size >= SQUASHFS_NAME_LEN)
|
|
+ if(dire->size >= SQUASHFS_NAME_LEN) {
|
|
+ ERROR("File system corrupted: filename too long\n");
|
|
goto corrupted;
|
|
+ }
|
|
|
|
memcpy(dire->name, directory_table + bytes,
|
|
dire->size + 1);
|
|
--
|
|
1.8.3.1
|
|
|