On Wed, Feb 17, 2016 at 11:27:29AM -0700, Todd C. Miller wrote:
> There is currently code that checks for mnt_maxsymlinklen <= 0.
> Removing the cast will cause other problems for ffs if the maxsymlinklen
> value is negative. I don't think it is safe to make this change
> unless mnt_maxsymlinklen is made unsigned in struct mount and a
> check is added to the assignment of mnt_maxsymlinklen from
> fs_maxsymlinklen in ufs/ffs/ffs_vfsops.c to avoid assigning a
> negative value.
The diff below addresses the issues you mentioned. It converts
mnt_maxsymlinklen to unsigned and adds a check to ffs_validate() that
makes sure, that fs_maxsymlinklen is >= 0. That function is called
during mount and on fsck. This should make sure we won't get a bogus
fs_maxsymlinklen from the superblock.
natano
Index: sys/mount.h
===================================================================
RCS file: /cvs/src/sys/sys/mount.h,v
retrieving revision 1.121
diff -u -p -r1.121 mount.h
--- sys/mount.h 8 Sep 2014 01:47:06 -0000 1.121
+++ sys/mount.h 21 Feb 2016 00:44:11 -0000
@@ -355,7 +355,7 @@ struct mount {
struct vnodelst mnt_vnodelist; /* list of vnodes this mount */
struct rwlock mnt_lock; /* mount structure lock */
int mnt_flag; /* flags */
- int mnt_maxsymlinklen; /* max size of short symlink */
+ unsigned int mnt_maxsymlinklen; /* max size of short symlink */
struct statfs mnt_stat; /* cache of filesystem stats */
void *mnt_data; /* private data */
};
Index: ufs/ext2fs/ext2fs_readwrite.c
===================================================================
RCS file: /cvs/src/sys/ufs/ext2fs/ext2fs_readwrite.c,v
retrieving revision 1.37
diff -u -p -r1.37 ext2fs_readwrite.c
--- ufs/ext2fs/ext2fs_readwrite.c 16 Feb 2016 17:56:12 -0000 1.37
+++ ufs/ext2fs/ext2fs_readwrite.c 21 Feb 2016 00:44:11 -0000
@@ -95,7 +95,7 @@ ext2_ind_read(struct vnode *vp, struct i
panic("%s: mode", "ext2fs_read");
if (vp->v_type == VLNK) {
- if ((int)ext2fs_size(ip) < vp->v_mount->mnt_maxsymlinklen ||
+ if (ext2fs_size(ip) < vp->v_mount->mnt_maxsymlinklen ||
(vp->v_mount->mnt_maxsymlinklen == 0 &&
ip->i_e2fs_nblock == 0))
panic("%s: short symlink", "ext2fs_read");
Index: ufs/ext2fs/ext2fs_vnops.c
===================================================================
RCS file: /cvs/src/sys/ufs/ext2fs/ext2fs_vnops.c,v
retrieving revision 1.74
diff -u -p -r1.74 ext2fs_vnops.c
--- ufs/ext2fs/ext2fs_vnops.c 16 Feb 2016 17:56:12 -0000 1.74
+++ ufs/ext2fs/ext2fs_vnops.c 21 Feb 2016 00:44:11 -0000
@@ -322,7 +322,7 @@ ext2fs_setattr(void *v)
if (vap->va_mode != (mode_t)VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
- error = ext2fs_chmod(vp, (int)vap->va_mode, cred, p);
+ error = ext2fs_chmod(vp, vap->va_mode, cred, p);
}
return (error);
}
Index: ufs/ffs/ffs_vfsops.c
===================================================================
RCS file: /cvs/src/sys/ufs/ffs/ffs_vfsops.c,v
retrieving revision 1.150
diff -u -p -r1.150 ffs_vfsops.c
--- ufs/ffs/ffs_vfsops.c 12 Jan 2016 11:41:00 -0000 1.150
+++ ufs/ffs/ffs_vfsops.c 21 Feb 2016 00:44:11 -0000
@@ -642,6 +642,9 @@ ffs_validate(struct fs *fsp)
if ((u_int)fsp->fs_frag > MAXFRAG || fragtbl[fsp->fs_frag] == NULL)
return (0); /* Invalid number of fragments */
+ if (fsp->fs_maxsymlinklen < 0)
+ return (0); /* Invalid max size of short symlink */
+
return (1); /* Super block is okay */
}
Index: ufs/ffs/ffs_vnops.c
===================================================================
RCS file: /cvs/src/sys/ufs/ffs/ffs_vnops.c,v
retrieving revision 1.82
diff -u -p -r1.82 ffs_vnops.c
--- ufs/ffs/ffs_vnops.c 16 Feb 2016 17:56:12 -0000 1.82
+++ ufs/ffs/ffs_vnops.c 21 Feb 2016 00:44:11 -0000
@@ -207,7 +207,7 @@ ffs_read(void *v)
panic("ffs_read: mode");
if (vp->v_type == VLNK) {
- if ((int)DIP(ip, size) < vp->v_mount->mnt_maxsymlinklen ||
+ if (DIP(ip, size) < vp->v_mount->mnt_maxsymlinklen ||
(vp->v_mount->mnt_maxsymlinklen == 0 &&
DIP(ip, blocks) == 0))
panic("ffs_read: short symlink");
