>Number:         160339
>Category:       bin
>Synopsis:       [patch] fsck_ffs needs to check d_namlen for zero
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 31 16:50:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.2-STABLE FreeBSD 8.2-STABLE #1: Fri Jul 1 
18:08:55 NOVST 2011 [email protected]:/usr/local/obj/usr/local/src/sys/DADV 
amd64

>Description:
        The fsck_ffs check for a directory entry is incomplete:
        it does not check if d_namlen is zero.

        OTOH, it checks if namlen > MAXNAMLEN while MAXNAMLEN is 255
        and namlen is an 8-bit quantity, so this check is always false.
        This check is commented out in NetBSD's fsck_ffs and
        does not exist in OpenBSD's. But neither of them checks for a zero value.

>How-To-Repeat:
        
        My /usr/local filesystem somehow got corrupted; one of the subdirectories
        has a file with zero name length and fsck -y did not find this error.
        I was forced to apply the following patch and only then the error
        was corrected:

** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
DIRECTORY CORRUPTED  I=1531227  OWNER=root MODE=40755
SIZE=4608 MTIME=Aug 30 01:28 2011 
DIR=/obj/usr/local/src/secure/lib/libssh

SALVAGE? [yn] 

** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
LINK COUNT FILE I=24  OWNER=root MODE=100644
SIZE=892 MTIME=Sep 17 11:10 2010  COUNT 2 SHOULD BE 1
ADJUST? [yn] 

** Phase 5 - Check Cyl groups
459580 files, 7411823 used, 7819495 free (105503 frags, 964249 blocks, 0.7% 
fragmentation)

***** FILE SYSTEM IS CLEAN *****

***** FILE SYSTEM WAS MODIFIED *****

>Fix:

--- sbin/fsck_ffs/dir.c.orig    2011-08-31 22:54:23.000000000 +0700
+++ sbin/fsck_ffs/dir.c 2011-08-31 23:38:33.000000000 +0700
@@ -225,7 +225,7 @@
        type = dp->d_type;
        if (dp->d_reclen < size ||
            idesc->id_filesize < size ||
-           namlen > MAXNAMLEN ||
+           namlen == 0 ||
            type > 15)
                goto bad;
        for (cp = dp->d_name, size = 0; size < namlen; size++)
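Review bot: On the changed line, `namlen == 0 ||` replaces `namlen > MAXNAMLEN ||` instead of being added beside it, and the hunk does not show how namlen is declared, so the reason the upper-bound test is dead cannot be confirmed from these lines. Either keep both tests, or leave a one-line comment at this condition saying that namlen is 8 bits wide and MAXNAMLEN is 255, so the bound is not silently lost if either ever changes. It is also worth confirming that no entry that is valid on disk can reach this condition with a zero name length, since with -y every match now goes to `bad` and is salvaged.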


>Release-Note:
>Audit-Trail:
>Unformatted:
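
The per-entry sanity test discussed in the Description, written out as an added example (not fsck_ffs code and not part of the original report). The struct layout, the `ex_` names, the 4-byte rounding and the '/' test are assumptions made for illustration; only the field names, the value 255 and the `type > 15` bound come from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EX_MAXNAMLEN 255   /* value of MAXNAMLEN stated in the report */

/* Simplified, hypothetical directory record (not the real on-disk struct). */
struct ex_dirent {
    uint32_t d_ino;
    uint16_t d_reclen;     /* total bytes this record occupies */
    uint8_t  d_type;
    uint8_t  d_namlen;     /* 8-bit, so it can never exceed 255 */
    char     d_name[EX_MAXNAMLEN + 1];
};

/* Minimum record size: header + name + NUL, rounded up to 4 (assumed). */
static size_t ex_dirsiz(uint8_t namlen)
{
    return (offsetof(struct ex_dirent, d_name) + namlen + 1 + 3) & ~(size_t)3;
}

/* Returns 1 if the record looks sane, 0 if corrupted; avail = bytes left. */
int ex_dirent_sane(const struct ex_dirent *dp, size_t avail)
{
    uint8_t namlen = dp->d_namlen;
    size_t i;

    if (dp->d_reclen < ex_dirsiz(namlen) || dp->d_reclen > avail)
        return 0;
    if (namlen == 0)               /* the case the report says went undetected */
        return 0;
    if (dp->d_type > 15)
        return 0;
    for (i = 0; i < namlen; i++)   /* no NUL or '/' inside the name (assumed) */
        if (dp->d_name[i] == '\0' || dp->d_name[i] == '/')
            return 0;
    return dp->d_name[namlen] == '\0';
}

/* Builds a constructed sample record for exercising the check. */
struct ex_dirent ex_make(const char *name, uint8_t namlen)
{
    struct ex_dirent d;
    memset(&d, 0, sizeof d);
    d.d_ino = 2; d.d_type = 8; d.d_namlen = namlen;
    strncpy(d.d_name, name, EX_MAXNAMLEN);
    d.d_reclen = (uint16_t)ex_dirsiz(namlen);
    return d;
}
```

A record with the largest value an 8-bit length can hold, 255, still passes, which is why no upper-bound test appears here, while a zero length is rejected even when every other field is consistent.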