Date: Wed, 31 Aug 2011 23:45:12 +0700 (NOVST) From: Eugene Grosbein <eugen@grosbein.pp.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/160339: [patch] fsck_ffs needs to check d_namlen for zero Message-ID: <201108311645.p7VGjCtd002535@grosbein.pp.ru> Resent-Message-ID: <201108311650.p7VGo75t048588@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 160339 >Category: bin >Synopsis: [patch] fsck_ffs needs to check d_namlen for zero >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 31 16:50:06 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Eugene Grosbein >Release: FreeBSD 8.2-STABLE amd64 >Organization: RDTC JSC >Environment: System: FreeBSD grosbein.pp.ru 8.2-STABLE FreeBSD 8.2-STABLE #1: Fri Jul 1 18:08:55 NOVST 2011 root@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV amd64 >Description: fsck_ffs checks for directory entry is incomplete: it does not check if d_namlen is zero. OTOH, it checks if namlen > MAXNAMLEN while MAXNAMLEN is 255 and namlen is 8-bit quantity so this check is always false. This check is commented out in NetBSD's fsck_ffs and does not exists in OpenBSD's. But they both do not check for zero value. >How-To-Repeat: My /usr/local filesystem somehow got corrupted, one of subdirectories has a file with zero name length and fsck -y did not find this error. I was forced to apply the following patch and only then the error was corrected: ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames DIRECTORY CORRUPTED I=1531227 OWNER=root MODE=40755 SIZE=4608 MTIME=Aug 30 01:28 2011 DIR=/obj/usr/local/src/secure/lib/libssh SALVAGE? [yn] ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts LINK COUNT FILE I=24 OWNER=root MODE=100644 SIZE=892 MTIME=Sep 17 11:10 2010 COUNT 2 SHOULD BE 1 ADJUST? [yn] ** Phase 5 - Check Cyl groups 459580 files, 7411823 used, 7819495 free (105503 frags, 964249 blocks, 0.7% fragmentation) ***** FILE SYSTEM IS CLEAN ***** ***** FILE SYSTEM WAS MODIFIED ***** >Fix: --- sbin/fsck_ffs/dir.c.orig 2011-08-31 22:54:23.000000000 +0700 +++ sbin/fsck_ffs/dir.c 2011-08-31 23:38:33.000000000 +0700 @@ -225,7 +225,7 @@ type = dp->d_type; if (dp->d_reclen < size || idesc->id_filesize < size || - namlen > MAXNAMLEN || + namlen == 0 || type > 15) goto bad; for (cp = dp->d_name, size = 0; size < namlen; size++) >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201108311645.p7VGjCtd002535>