diff options
| author | Kirk McKusick <mckusick@FreeBSD.org> | 2023-05-29 21:58:20 +0000 |
|---|---|---|
| committer | Kirk McKusick <mckusick@FreeBSD.org> | 2023-06-07 22:56:12 +0000 |
| commit | a4bea5c479d84d5fb10c6d78abce504253fe8e1d (patch) | |
| tree | 41bc2e2e975b9a0ad65a6228561aaac903abc4ab | |
| parent | 90532db778dc2bca557d5be43c5b9813ba44d80a (diff) | |
| download | src-a4bea5c479d84d5fb10c6d78abce504253fe8e1d.tar.gz src-a4bea5c479d84d5fb10c6d78abce504253fe8e1d.zip | |
Fix a bug in fsck_ffs(8) triggered by corrupted filesystems.
Reported-by: Robert Morris
PR: 271414
Sponsored-by: The FreeBSD Foundation
(cherry picked from commit 6a71277c3037df2c3a70464c2e2bf20dec2c128a)
| -rw-r--r-- | sbin/fsck_ffs/suj.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/sbin/fsck_ffs/suj.c b/sbin/fsck_ffs/suj.c index 5a09943406c8..d1b6d8530ce6 100644 --- a/sbin/fsck_ffs/suj.c +++ b/sbin/fsck_ffs/suj.c @@ -2375,7 +2375,7 @@ suj_check(const char *filesys) { struct inodesc idesc; struct csum *cgsum; - union dinode *jip; + union dinode *dp, *jip; struct inode ip; uint64_t blocks; int i, retval; @@ -2417,7 +2417,17 @@ suj_check(const char *filesys) idesc.id_func = findino; idesc.id_name = SUJ_FILE; ginode(UFS_ROOTINO, &ip); - if ((ckinode(ip.i_dp, &idesc) & FOUND) == FOUND) { + dp = ip.i_dp; + if ((DIP(dp, di_mode) & IFMT) != IFDIR) { + irelse(&ip); + err_suj("root inode is not a directory\n"); + } + if (DIP(dp, di_size) < 0 || DIP(dp, di_size) > MAXDIRSIZE) { + irelse(&ip); + err_suj("negative or oversized root directory %jd\n", + (uintmax_t)DIP(dp, di_size)); + } + if ((ckinode(dp, &idesc) & FOUND) == FOUND) { sujino = idesc.id_parent; irelse(&ip); } else { |