squashfs-tools-ng.git/lib/sqfs, branch v0.6.1

Propperly set errno in read_inode_slink error path

2019-08-25T11:47:25+00:00

Signed-off-by: David Oberhollenzer

Check against format limits in meta_reader_read_dir_header

2019-08-23T11:44:13+00:00

The SquashFS kernel implementation insists that a directory header is followed by no more than an upper bound of entries, way less than what the filed itself actually supports. This commit makes sure that the meta_reader_read_dir_header function also enforces that same limit. Signed-off-by: David Oberhollenzer

Size accounting + alloc() overflow checking, round #2

2019-08-23T11:44:13+00:00

Signed-off-by: David Oberhollenzer

Do bounds checking in metadata reader

2019-08-23T10:10:16+00:00

In all cases where metadata blocks are read, we can roughly (in some cases even preciesly) say in what range those metadata blocks will be, so it makes sense to throw an error if an attempt is made to wander outside this range. Furthermore, when reading from an uncompressed block, it is more reasonable to check against the actual block bounds than to padd it with 0 bytes. Signed-off-by: David Oberhollenzer

Some simple search/replace cases for allocation

2019-08-23T00:09:51+00:00

This commit exchanges some malloc(x + y * z) patterns that can be found with a simple git grep and are obvious for the new wrappers. Signed-off-by: David Oberhollenzer

deserialize_tree: filter out directory loops

2019-08-22T16:24:26+00:00

The tree deserializer does a recursive depth-first search to populate the directory tree, moving back and forth between the directory listing containing the inode references and the inode table pointing to the list of child inodes. It is completely unaware of hard links and creates duplicate nodes instead. It is possible to create a malicious SquashFS image that contains a directory that contains as child a reference to its own inode. This can also be done transitively (i.e. directory contains its own parent or grand parent), leading to infinite recursion (actually finite, since it terminates once all stack memory is exhausted). This commit adds a simple check to see if a node has the same inode number as any of its would-be parents. If it does, the node is discarded and a warning message is emitted. Other cases with arbitrary layers of indirection could be constructed as well (e.g. dir 'a' contains hard link to 'b' and 'b' one back to 'a'), but the sub hierarchies are always expanded, this check should catch that too. Reported-by: Zachary Dremann Signed-off-by: David Oberhollenzer

Fix "no attributes" sentinel value for xattr reader

2019-08-21T18:55:32+00:00

An inode can be of extended type for reasons other than having extended attributes and simply set the xattr ID to 0xFFFFFFFF to indicate that it doesn't have extended attributes. Signed-off-by: David Oberhollenzer

Fix memory leak in data writer fragment deduplication

2019-08-19T01:34:04+00:00

Signed-off-by: David Oberhollenzer

Fix memory leak in data writer error code paths

2019-08-19T01:33:46+00:00

Signed-off-by: David Oberhollenzer

Replace update_crc32 helper function with crc32 from zlib

2019-08-18T20:53:32+00:00

It is optimized to the maximum and if we already use zlib anyway, why not use zlib crc32? This also makes zlib a hard dependency which also means the whole "do we have a compressor" sanity check in the build system can be removed. Signed-off-by: David Oberhollenzer