Hi Richard, [email protected] wrote on Wed, 17 Jul 2024 10:16:06 +0200:
> Hi Miquel, > > Am Mittwoch, 17. Juli 2024, 10:06:35 CEST schrieb 'Miquel Raynal' via > upstream: > > Hi Richard, > > > > [email protected] wrote on Fri, 12 Jul 2024 10:23:44 +0200: > > > > > The squashfs driver blindly follows symlinks, and calls sqfs_size() > > > recursively. So an attacker can create a crafted filesystem and with > > > a deep enough nesting level a stack overflow can be achieved. > > > > > > Fix by limiting the nesting level to 8. > > > > As this is I believe an arbitrary value, could we define this value > > somewhere and flag it with a comment as "arbitrary" with some details > > from the commit log? Right now the value '8' is hardcoded at least in 3 > > different places. > > I stole the value from the ext4 code. Ah ok, interesting. So I guess it is "enough" and was probably not so random. > Since U-Boot lacks a common filesystem code, there will be always > duplication. I can happily add a common define for the value. Oh yeah, I meant a define in squashfs' code. I was not hinting to declare a global number (even though in practice it would be nice). > > Also, 8 seems rather small, any reason for choosing > > that? I believe this is easy to cross even in non-evil filesystems and > > could perhaps be (again, arbitrarily) increased a bit? > > For ext4 the value seems okay. > So dunno. :-) Yeah, fine I guess. Thanks, Miquèl
