Date: Mon, 10 Mar 2008 13:02:10 GMT From: Jaakko Heinonen <jh@saunalahti.fi> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/121559: [patch] [geom] geom label class allows to create inaccessible labels Message-ID: <200803101302.m2AD2AwZ063751@www.freebsd.org> Resent-Message-ID: <200803101310.m2ADA4LM001859@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 121559 >Category: kern >Synopsis: [patch] [geom] geom label class allows to create inaccessible labels >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Mar 10 13:10:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Jaakko Heinonen >Release: 7.0-RELEASE / 8.0-CURRENT >Organization: >Environment: >Description: GEOM label class allows to create labels which are inaccessible through the label names and causes invalid entries to be created under /dev tree. Here are examples of such names: / (slash) /foo (label starting with slash) foo/ (label ending with slash) /..bar/.. (label ending with /..) (empty string) There's supposedly a code in g_label_is_name_ok() (src/sys/geom/label/g_label.c) that prevents labels ending with "/.." to be created: /* Check is the label ends at ../ */ if ((s = strstr(label, "/..")) != NULL && s[3] == '\0') return (0); However the code is incorrect and it allow for example a label named "/..bar/.." to be created. Following patch disallows these label names: - empty labels - labels starting or ending with '/' - labels ending with "/.." The patch also corrects some typos in comments, adds a proper error reporting when invalid labels are tried to create with glabel(8) and corrects a typo in error message. >How-To-Repeat: (You need sysutils/e2fsprogs from ports.) # dd if=/dev/zero of=e2img bs=1M count=10 10+0 records in 10+0 records out 10485760 bytes transferred in 0.334605 secs (31337729 bytes/sec) # mdconfig -a -t vnode -f e2img md0 # mke2fs /dev/md0 >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803101302.m2AD2AwZ063751>