author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-08-22 16:33:36 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-08-22 18:24:26 +0200 |
commit | 8b16efb80d9a863641a0a7395204df038feeb56c (patch) | |
tree | 611e5a85b6fd545b8320ca9db12366e4b574e7e9 /lib/sqfs/id_table_read.c | |
parent | 8e7311da64b262a8f6a2fbf5119eba8c3e37dfd6 (diff) |
deserialize_tree: filter out directory loops

The tree deserializer does a recursive depth-first search to populate
the directory tree, moving back and forth between the directory listing
containing the inode references and the inode table pointing to the
list of child inodes. It is completely unaware of hard links and creates
duplicate nodes instead.

It is possible to create a malicious SquashFS image that contains a
directory that contains as child a reference to its own inode. This
can also be done transitively (i.e. directory contains its own parent
or grandparent), leading to infinite recursion (actually finite, since
it terminates once all stack memory is exhausted).

This commit adds a simple check to see if a node has the same inode
number as any of its would-be parents. If it does, the node is discarded
and a warning message is emitted.

Other cases with arbitrary layers of indirection could be constructed
as well (e.g. dir 'a' contains hard link to 'b' and 'b' one back to 'a'),
but the sub hierarchies are always expanded, this check should catch that
too.

Reported-by: Zachary Dremann <dremann@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'lib/sqfs/id_table_read.c')
0 files changed, 0 insertions, 0 deletions
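
The ancestor check described in the commit message, sketched as an added example (not code from this commit or from the project). The toy inode table and the names `entry_t`, `node_t`, `lookup`, `is_ancestor` and `expand` are hypothetical; the table is constructed so that one directory lists itself and another lists its grandparent.

```c
#include <stdio.h>
#include <stddef.h>
/* Constructed toy inode table (hypothetical, not the SquashFS format). */
typedef struct { unsigned inode; unsigned children[4]; size_t count; } entry_t;
typedef struct node { unsigned inode; const struct node *parent; } node_t;
static const entry_t image[] = {
    { 1, { 2, 3 }, 2 },  /* root directory */
    { 2, { 2, 4 }, 2 },  /* lists itself as a child */
    { 3, { 5 },    1 },
    { 4, { 0 },    0 },  /* regular file, referenced twice */
    { 5, { 1, 4 }, 2 },  /* lists the root, its grandparent */
};

/* Inode n sits at image[n - 1] in this toy table. */
static const entry_t *lookup(unsigned inode) {
    size_t n = sizeof(image) / sizeof(image[0]);
    return (inode >= 1 && inode <= n) ? &image[inode - 1] : NULL;
}

/* Walk the chain of would-be parents; 1 if any has this inode number. */
static int is_ancestor(const node_t *n, unsigned inode) {
    for (; n != NULL; n = n->parent)
        if (n->inode == inode)
            return 1;
    return 0;
}

/* Depth-first expansion; returns the number of tree nodes created. */
static size_t expand(const entry_t *e, const node_t *parent, size_t *dropped) {
    node_t self = { e->inode, parent };
    size_t total = 1;
    for (size_t i = 0; i < e->count; ++i) {
        const entry_t *child = lookup(e->children[i]);
        if (child == NULL) continue;  /* dangling reference */
        if (is_ancestor(&self, child->inode)) {
            fprintf(stderr, "WARNING: inode %u lists ancestor %u\n", e->inode, child->inode);
            ++*dropped;
            continue;
        }
        total += expand(child, &self, dropped);
    }
    return total;
}

int main(void) {
    size_t dropped = 0, nodes = expand(lookup(1), NULL, &dropped);
    printf("%zu nodes, %zu loop entries dropped\n", nodes, dropped);
    return 0;
}
```

Inode 4 is expanded twice, once under each directory that references it, so hard links yield duplicate nodes while the two loop entries are discarded.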