From patchwork Thu Oct 26 14:48:00 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyn Welch <martyn@welchs.me.uk>
X-Patchwork-Id: 830771
X-Patchwork-Delegate: sbabic@denx.de
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="hcuZOQkm"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3yN9sQ3BXvz9t7D
	for <incoming@patchwork.ozlabs.org>;
	Fri, 27 Oct 2017 02:29:14 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 005B8C21E05; Thu, 26 Oct 2017 15:27:55 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 1F977C21DE6;
	Thu, 26 Oct 2017 15:25:33 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 34F18C21C71; Thu, 26 Oct 2017 14:48:15 +0000 (UTC)
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com
	[74.125.82.67])
	by lists.denx.de (Postfix) with ESMTPS id C3923C21C34
	for <u-boot@lists.denx.de>; Thu, 26 Oct 2017 14:48:14 +0000 (UTC)
Received: by mail-wm0-f67.google.com with SMTP id p75so8491903wmg.3
	for <u-boot@lists.denx.de>; Thu, 26 Oct 2017 07:48:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=50OR5jo8ooSkxErWk6hpDZpPF6RkRClIn+jsQbaCUiI=;
	b=hcuZOQkmEtIJHF+k6VwwdDsPBs7M1vHMhsM4egvcGp+OVJebwhjlZfgjowaM/Om2eu
	C5bF8IjwDqTWyZAD7YSZEjXB33r1lA31ekYhSKu3is7Ms4m8Gg9a3DsYlUlft6S3rikh
	m6scSmWpkVzhtIqYtf597Pwt9Yz/pwdWzLRjXU3rVXWWkwzgkw5O78Bm/BPtF43n02a/
	ReMvBIXFneZWqbhSbLtnjwSI9Zr+SsHMbUILCXkS2Y3tKA7J0jzgxhFqKQ5wt3ytXzTe
	RP8YczzI/RluxSZ8DBuMOw2NyI8UFWgrDSsQWKyS8RZOPTloQqgwZhgAeMKuv5zuVnbN
	CysQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=50OR5jo8ooSkxErWk6hpDZpPF6RkRClIn+jsQbaCUiI=;
	b=Y0J4AHMQhazYDQU9RAb6wLP3oszYX+d0vjgb402UKs45ldykemJbmZBWScVO9cSy1w
	WsjZ0NVZvPFFm2SiOU66/He/3/KUpvxxFxQnJ2Ybc4twRbEyfzrrTjoa+Tv5GXEZpryt
	zAOhMVScwVF2rvLhTVvT+UOyT29siIlswI+Evtx3jYF5RhwfxluBjfnb0Tb6+Ix9RwO+
	Y+48mmJYRSHwIFGoGJnRbQ87FXYb75MBnqlSpYz/DNmb1FMdI8I3vsIbEKCm1UiR0AKV
	QFiQ+ySixji/Dg1nCbbqi+U2imgpV+7Q6BhrouklXEaknf6cxB6zgamKHLuFjQdVSMSM
	Q9xA==
X-Gm-Message-State: AMCzsaX/YTnsO85J8Yu+51YLCGWvedO4D0qsV8jcbylZOCT4Q0EDvKmP
	wtapRnyc80ft6RGm5VeOtwRfwg==
X-Google-Smtp-Source: 
 ABhQp+S3QD5ve+xVHO7zstj9DlOKgw3yCmsfiao8CoSlB92vIlqDuc3FKbqMcn/yVx5CGNUlYRKe8Q==
X-Received: by 10.28.54.133 with SMTP id y5mr1632452wmh.6.1509029294215;
	Thu, 26 Oct 2017 07:48:14 -0700 (PDT)
Received: from hades (host86-162-171-239.range86-162.btcentralplus.com.
	[86.162.171.239]) by smtp.gmail.com with ESMTPSA id
	g75sm1188520wme.23.2017.10.26.07.48.10
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 26 Oct 2017 07:48:10 -0700 (PDT)
Received: from martyn by hades with local (Exim 4.84_2)
	(envelope-from <martyn@hades.home>)
	id 1e7jS5-00073W-15; Thu, 26 Oct 2017 15:48:09 +0100
From: Martyn Welch <martyn@welchs.me.uk>
To: u-boot@lists.denx.de
Date: Thu, 26 Oct 2017 15:48:00 +0100
Message-Id: <1509029285-27071-3-git-send-email-martyn@welchs.me.uk>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1509029285-27071-1-git-send-email-martyn@welchs.me.uk>
References: <1509029285-27071-1-git-send-email-martyn@welchs.me.uk>
X-Mailman-Approved-At: Thu, 26 Oct 2017 15:25:26 +0000
Cc: Ian Ray <ian.ray@ge.com>, Martyn Welch <martyn@welchs.me.uk>,
	Martyn Welch <martyn.welch@collabora.co.uk>
Subject: [U-Boot] [PATCH 2/7] ext4: recover from filesystem corruption when
	reading
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

From: Ian Ray <ian.ray@ge.com>

Some fixes when reading EXT files and directory entries were identified
after using e2fuzz to corrupt an EXT3 filesystem:

 - Stop reading directory entries if the offset becomes badly aligned.

 - Avoid overwriting memory by clamping the length used to zero the buffer
   in ext4fs_read_file.  Also sanity check blocksize.

Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk>
Signed-off-by: Martyn Welch <martyn@welchs.me.uk>
---
 fs/ext4/ext4_common.c | 10 ++++++++++
 fs/ext4/ext4fs.c      | 10 +++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
index 31952f4..dac9545 100644
--- a/fs/ext4/ext4_common.c
+++ b/fs/ext4/ext4_common.c
@@ -660,6 +660,11 @@ static int search_dir(struct ext2_inode *parent_inode, char *dirname)
 
 		offset = 0;
 		do {
+			if (offset & 3) {
+				printf("Badly aligned ext2_dirent\n");
+				break;
+			}
+
 			dir = (struct ext2_dirent *)(block_buffer + offset);
 			direntname = (char*)(dir) + sizeof(struct ext2_dirent);
 
@@ -880,6 +885,11 @@ static int unlink_filename(char *filename, unsigned int blknr)
 
 	offset = 0;
 	do {
+		if (offset & 3) {
+			printf("Badly aligned ext2_dirent\n");
+			break;
+		}
+
 		previous_dir = dir;
 		dir = (struct ext2_dirent *)(block_buffer + offset);
 		direntname = (char *)(dir) + sizeof(struct ext2_dirent);
diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index b0c7303..9ee2caf 100644
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -64,6 +64,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 	char *delayed_buf = NULL;
 	short status;
 
+	if (blocksize <= 0)
+		return -1;
+
 	/* Adjust len so it we can't read past the end of the file. */
 	if (len + pos > filesize)
 		len = (filesize - pos);
@@ -127,6 +130,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 					(blockend >> log2blksz);
 			}
 		} else {
+			int n;
 			if (previous_block_number != -1) {
 				/* spill */
 				status = ext4fs_devread(delayed_start,
@@ -137,7 +141,11 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 					return -1;
 				previous_block_number = -1;
 			}
-			memset(buf, 0, blocksize - skipfirst);
+			/* Zero no more than `len' bytes. */
+			n = blocksize - skipfirst;
+			if (n > len)
+				n = len;
+			memset(buf, 0, n);
 		}
 		buf += blocksize - skipfirst;
 	}