squashfs-tools-ng.git/lib, branch v0.6.1

Merge alloc_flex conditionals into one

2019-08-27T11:05:26+00:00

It is shorter and less confusing for coverity. Signed-off-by: David Oberhollenzer

Tune the paranoia down a bit

2019-08-26T07:20:31+00:00

size_t is guaranteed to be large enough to measure the size of things in memory, so when doing exactely that (e.g. strlen(a) + strlen(b)), checking for overflow is pointless since both objects are already in memory. If the addition would overflow, the two strings would occupy more memory than addressable. (Possible exception being some kind of harward style architecture with the two strings being in different kinds of memory of course.) Signed-off-by: David Oberhollenzer

Propperly set errno in read_inode_slink error path

2019-08-25T11:47:25+00:00

Signed-off-by: David Oberhollenzer

Size accounting + alloc() overflow checking, round #3

2019-08-25T11:47:25+00:00

Signed-off-by: David Oberhollenzer

Check against format limits in meta_reader_read_dir_header

2019-08-23T11:44:13+00:00

The SquashFS kernel implementation insists that a directory header is followed by no more than an upper bound of entries, way less than what the filed itself actually supports. This commit makes sure that the meta_reader_read_dir_header function also enforces that same limit. Signed-off-by: David Oberhollenzer

Size accounting + alloc() overflow checking, round #2

2019-08-23T11:44:13+00:00

Signed-off-by: David Oberhollenzer

Do bounds checking in metadata reader

2019-08-23T10:10:16+00:00

In all cases where metadata blocks are read, we can roughly (in some cases even preciesly) say in what range those metadata blocks will be, so it makes sense to throw an error if an attempt is made to wander outside this range. Furthermore, when reading from an uncompressed block, it is more reasonable to check against the actual block bounds than to padd it with 0 bytes. Signed-off-by: David Oberhollenzer

Some simple search/replace cases for allocation

2019-08-23T00:09:51+00:00

This commit exchanges some malloc(x + y * z) patterns that can be found with a simple git grep and are obvious for the new wrappers. Signed-off-by: David Oberhollenzer

Add wrappers for calloc style functions with size overflow checking

2019-08-23T00:06:31+00:00

Signed-off-by: David Oberhollenzer

deserialize_tree: filter out directory loops

2019-08-22T16:24:26+00:00

The tree deserializer does a recursive depth-first search to populate the directory tree, moving back and forth between the directory listing containing the inode references and the inode table pointing to the list of child inodes. It is completely unaware of hard links and creates duplicate nodes instead. It is possible to create a malicious SquashFS image that contains a directory that contains as child a reference to its own inode. This can also be done transitively (i.e. directory contains its own parent or grand parent), leading to infinite recursion (actually finite, since it terminates once all stack memory is exhausted). This commit adds a simple check to see if a node has the same inode number as any of its would-be parents. If it does, the node is discarded and a warning message is emitted. Other cases with arbitrary layers of indirection could be constructed as well (e.g. dir 'a' contains hard link to 'b' and 'b' one back to 'a'), but the sub hierarchies are always expanded, this check should catch that too. Reported-by: Zachary Dremann Signed-off-by: David Oberhollenzer