lib/sb: validate s_log_block_size in nilfs_sb_is_valid()#27
Open
TristanInSec wants to merge 1 commit into
Open
lib/sb: validate s_log_block_size in nilfs_sb_is_valid()#27TristanInSec wants to merge 1 commit into
TristanInSec wants to merge 1 commit into
Conversation
Reject superblocks with s_log_block_size > 6 (corresponding to block sizes larger than NILFS_MAX_BLOCK_SIZE = 65536). Without this check, a crafted NILFS2 image can cause undefined behavior via oversized shifts or OOM conditions via excessive allocations in nilfs-tune, dumpseg, and other tools that read from devices. The valid range is 0-6 (1024 to 65536 byte blocks), matching the NILFS_MIN_BLOCK_SIZE and NILFS_MAX_BLOCK_SIZE constants already defined in nilfs2_ondisk.h but previously only enforced in mkfs. Fixes: nilfs-dev#26
Member
|
nilfs_sb_is_valid() is not intended to check all parameters in the superblock, but s_log_block_size is a basic parameter and your point is correct. In fact, nilfs_sb_offset_is_too_small(), which can be called immediately after, also depends on it. Therefore, the patch looks reasonable and I would like to apply it. Could you please add your Signed-off-by line? (We do not accept Git pull requests directly, but I would like to apply it as a patch.) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reject superblocks with
s_log_block_size > 6(block sizes larger thanNILFS_MAX_BLOCK_SIZE). Without this check, a crafted NILFS2 image causes undefined behavior via oversized shifts or OOM conditions in nilfs-tune, dumpseg, and other read-path tools.The valid range is 0-6 (1024 to 65536 byte blocks), matching the constants in
nilfs2_ondisk.halready enforced in mkfs but not in the superblock validator.One-line fix in
nilfs_sb_is_valid().Fixes: #26