From patchwork Tue Oct 31 12:16:25 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyn Welch <martyn@welchs.me.uk>
X-Patchwork-Id: 832444
X-Patchwork-Delegate: sbabic@denx.de
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="evCkmFWQ"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3yR9T53S5tz9t2M
	for <incoming@patchwork.ozlabs.org>;
	Tue, 31 Oct 2017 23:22:01 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 46245C21D88; Tue, 31 Oct 2017 12:20:49 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 6ECA1C21DC1;
	Tue, 31 Oct 2017 12:17:33 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 6EA0AC21D79; Tue, 31 Oct 2017 12:17:01 +0000 (UTC)
Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com
	[74.125.82.68])
	by lists.denx.de (Postfix) with ESMTPS id BB8A3C21D7E
	for <u-boot@lists.denx.de>; Tue, 31 Oct 2017 12:16:57 +0000 (UTC)
Received: by mail-wm0-f68.google.com with SMTP id m72so22150975wmc.1
	for <u-boot@lists.denx.de>; Tue, 31 Oct 2017 05:16:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=8cgorcsu+QS8CAb+9wcosJXR2Pi7yswJL+/ThK5Lei4=;
	b=evCkmFWQMVlzcwMjmANFsRL07xMglsGVe6b3bMMMh5XeRcJZ1FstaEqaSW568iK2en
	BwG3gP1Pe998E2b5aHCPL0s2fcj0uML8tm9xy2cSFTqcFcry4Kupre8JSNF0iB/mUx9Z
	iZBNCrI0neT9amyaV9kkVVz+mp8ENvnrcCDxS77ntBD4WCvfPWiDdZHu7XOTfqdthXJr
	6bJgDJyuvGBdci0pwAoVeuAjG4n34s2WXhvMe8TYhuiJc5jQG5iY3JwGUwimXyjHkRAD
	1a6Zw4C+xgPYK61FNEYZeYWOJINLfbf0Vs3BRNLlyLdtCLpH3UHc0AGt6v0B2jkGT1Or
	XY3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=8cgorcsu+QS8CAb+9wcosJXR2Pi7yswJL+/ThK5Lei4=;
	b=T7QrLxI2OJYNhln/m4kG1tgkm7PEocfwy+sVMJmD0xJTZbLnpQzXq5iS2LEw9YSxNY
	9PsY4I99k3xHDEhSob8Cj04aXAHiMgOxrlp464qlTyRq5nZNWqv4DBGiHtOcYlYvj81P
	7zK5K9gGD1/cEL0M17cwD0eZ4YWf8J+If8VwjjG7mjWxX7HCd0XY0cG4f7tnOArN/Qfz
	10ETgNFq9Im3TMiB3pqu5qzFsiyry39vRewVcx3kYdZPimBvEIx6G1LZcm3HLDIuhGwy
	8G2OZQH2F3se6pOBge/Ri34vzmzkhLbsJE74ZdoRiro2W4cjtXM2L8DA/rT89iDG98pP
	GD7Q==
X-Gm-Message-State: AMCzsaVKXJn2pSOapIvbgZ++04UOGUOq2mmItGBqu2/h931Yzp1dVjse
	DxnaFO8fUIQdOJpzXBnxuQ5oMQ==
X-Google-Smtp-Source: 
 ABhQp+S4WOOxclq0h0yD+w/h+bxvztz8sA30V8q9E0Iic1LPUKFDbC2x8lY2l08R1g642zGBLUtvaA==
X-Received: by 10.28.69.91 with SMTP id s88mr1689674wma.19.1509452217122;
	Tue, 31 Oct 2017 05:16:57 -0700 (PDT)
Received: from hades (host86-156-77-147.range86-156.btcentralplus.com.
	[86.156.77.147]) by smtp.gmail.com with ESMTPSA id
	u8sm2322206wmd.33.2017.10.31.05.16.54
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 31 Oct 2017 05:16:55 -0700 (PDT)
From: Martyn Welch <martyn@welchs.me.uk>
X-Google-Original-From: Martyn Welch <martyn.welch@collabora.co.uk>
Received: from martyn by hades with local (Exim 4.84_2)
	(envelope-from <martyn@hades.home>)
	id 1e9VTS-0003Ej-0h; Tue, 31 Oct 2017 12:16:54 +0000
To: u-boot@lists.denx.de
Date: Tue, 31 Oct 2017 12:16:25 +0000
Message-Id: <1509452190-12368-3-git-send-email-martyn.welch@collabora.co.uk>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1509452190-12368-1-git-send-email-martyn.welch@collabora.co.uk>
References: <1509452190-12368-1-git-send-email-martyn.welch@collabora.co.uk>
Cc: Ian Ray <ian.ray@ge.com>, Martyn Welch <martyn.welch@collabora.co.uk>
Subject: [U-Boot] [PATCH v2 2/7] ext4: recover from filesystem corruption
	when reading
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

From: Ian Ray <ian.ray@ge.com>

Some fixes when reading EXT files and directory entries were identified
after using e2fuzz to corrupt an EXT3 filesystem:

 - Stop reading directory entries if the offset becomes badly aligned.

 - Avoid overwriting memory by clamping the length used to zero the buffer
   in ext4fs_read_file.  Also sanity check blocksize.

Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk>
---
 fs/ext4/ext4_common.c | 10 ++++++++++
 fs/ext4/ext4fs.c      | 10 +++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
index 31952f4..dac9545 100644
--- a/fs/ext4/ext4_common.c
+++ b/fs/ext4/ext4_common.c
@@ -660,6 +660,11 @@ static int search_dir(struct ext2_inode *parent_inode, char *dirname)
 
 		offset = 0;
 		do {
+			if (offset & 3) {
+				printf("Badly aligned ext2_dirent\n");
+				break;
+			}
+
 			dir = (struct ext2_dirent *)(block_buffer + offset);
 			direntname = (char*)(dir) + sizeof(struct ext2_dirent);
 
@@ -880,6 +885,11 @@ static int unlink_filename(char *filename, unsigned int blknr)
 
 	offset = 0;
 	do {
+		if (offset & 3) {
+			printf("Badly aligned ext2_dirent\n");
+			break;
+		}
+
 		previous_dir = dir;
 		dir = (struct ext2_dirent *)(block_buffer + offset);
 		direntname = (char *)(dir) + sizeof(struct ext2_dirent);
diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index b0c7303..9ee2caf 100644
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -64,6 +64,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 	char *delayed_buf = NULL;
 	short status;
 
+	if (blocksize <= 0)
+		return -1;
+
 	/* Adjust len so it we can't read past the end of the file. */
 	if (len + pos > filesize)
 		len = (filesize - pos);
@@ -127,6 +130,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 					(blockend >> log2blksz);
 			}
 		} else {
+			int n;
 			if (previous_block_number != -1) {
 				/* spill */
 				status = ext4fs_devread(delayed_start,
@@ -137,7 +141,11 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 					return -1;
 				previous_block_number = -1;
 			}
-			memset(buf, 0, blocksize - skipfirst);
+			/* Zero no more than `len' bytes. */
+			n = blocksize - skipfirst;
+			if (n > len)
+				n = len;
+			memset(buf, 0, n);
 		}
 		buf += blocksize - skipfirst;
 	}