Re: [PATCH] hfs: Sanity check the root record

From: Leo Stone
Date: Tue Nov 26 2024 - 12:22:01 EST

Next message: Laurent Pinchart: "Re: [PATCH v2 0/6] media: uvcvideo: Implement the Privacy GPIO as a subdevice"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 1/5] dt-bindings: display: Add Apple pre-DCP display controller bindings"
In reply to: Jan Kara: "Re: [PATCH] hfs: Sanity check the root record"
Next in thread: Jan Kara: "Re: [PATCH] hfs: Sanity check the root record"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

On Tue, Nov 26, 2024 at 10:33:13AM +0100, Jan Kara wrote:
>
> This certainly won't hurt but shouldn't we also add some stricter checks
> for entry length so that we know we've loaded enough data to have full info
> about the root dir?

Yes, that would be a good idea. Do we want to keep the existing checks
and just make sure we have at least enough to initialize the struct:

if (fd.entrylength > sizeof(rec) || fd.entrylength < 0 ||
fd.entrylength < sizeof(rec.dir)) {
res = -EIO;
goto bail_hfs_find;
}

Or be even stricter and only accept the exact length:

if (fd.entrylength != sizeof(rec.dir)) {
res = -EIO;
goto bail_hfs_find;
}

Thanks for your feedback,
Leo

Next message: Laurent Pinchart: "Re: [PATCH v2 0/6] media: uvcvideo: Implement the Privacy GPIO as a subdevice"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 1/5] dt-bindings: display: Add Apple pre-DCP display controller bindings"
In reply to: Jan Kara: "Re: [PATCH] hfs: Sanity check the root record"
Next in thread: Jan Kara: "Re: [PATCH] hfs: Sanity check the root record"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]