grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/4] fs/iso9660: Add check to prevent infinite loop


From: Lidong Chen
Subject: [PATCH 1/4] fs/iso9660: Add check to prevent infinite loop
Date: Wed, 14 Dec 2022 18:55:02 +0000

There is no check for the end of block When reading
directory extents. It resulted in read_node() always
read from the same offset in the while loop, thus
caused infinite loop. The fix added a check for the
end of the block and ensure the read is within directory
boundary.

Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
---
 grub-core/fs/iso9660.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index 91817ec1f..4f4cd6165 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -795,6 +795,15 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
        while (dirent.flags & FLAG_MORE_EXTENTS)
          {
            offset += dirent.len;
+
+           /* offset should within the dir's len. */
+           if (offset > len)
+             {
+               if (ctx.filename_alloc)
+                 grub_free (ctx.filename);
+               return 0;
+             }
+
            if (read_node (dir, offset, sizeof (dirent), (char *) &dirent))
              {
                if (ctx.filename_alloc)
@@ -802,6 +811,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir,
                grub_free (node);
                return 0;
              }
+
+           /*
+            * It is either the end of block or zero-padded sector,
+            * skip to the next block.
+            */
+           if (!dirent.len)
+             {
+               offset = (offset / GRUB_ISO9660_BLKSZ + 1) * GRUB_ISO9660_BLKSZ;
+               dirent.flags |= FLAG_MORE_EXTENTS;
+               continue;
+             }
+
            if (node->have_dirents >= node->alloc_dirents)
              {
                struct grub_fshelp_node *new_node;
-- 
2.35.1




reply via email to

[Prev in Thread] Current Thread [Next in Thread]