Message ID | 20190401130044.19811-1-s.hauer@pengutronix.de |
---|---|
State | Accepted |
Delegated to: | Richard Weinberger |
Headers | show |
Series | ubifs: Do not skip hash checking in data nodes | expand |
Am Montag, 1. April 2019, 15:00:44 CEST schrieb Sascha Hauer: > UBIFS bails out early from try_read_node() when it doesn't have to check > the CRC. Still the node hash has to be checked, otherwise wrong data > could be sneaked into the FS. Fix this by not bailing out early and > always checking the node hash. > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Good catch! I think we need another UBIFS self-check to catch such issues. How about adding a marker to each in-memory node/page up on checking? That way a self-check can walk UBIFS in-memory data structures and check whether everything has the marker set. If not, we found a bug in the auth code. Thanks, //richard
diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c index 25572ffea163..ebf8c26f5b22 100644 --- a/fs/ubifs/tnc.c +++ b/fs/ubifs/tnc.c @@ -479,14 +479,13 @@ static int try_read_node(const struct ubifs_info *c, void *buf, int type, if (node_len != len) return 0; - if (type == UBIFS_DATA_NODE && c->no_chk_data_crc && !c->mounting && - !c->remounting_rw) - return 1; - - crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8); - node_crc = le32_to_cpu(ch->crc); - if (crc != node_crc) - return 0; + if (type != UBIFS_DATA_NODE || !c->no_chk_data_crc || c->mounting || + c->remounting_rw) { + crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8); + node_crc = le32_to_cpu(ch->crc); + if (crc != node_crc) + return 0; + } err = ubifs_node_check_hash(c, buf, zbr->hash); if (err) {
UBIFS bails out early from try_read_node() when it doesn't have to check the CRC. Still the node hash has to be checked, otherwise wrong data could be sneaked into the FS. Fix this by not bailing out early and always checking the node hash. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> --- fs/ubifs/tnc.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-)