From eugen@grosbein.pp.ru  Wed Aug 31 16:45:18 2011
Return-Path: <eugen@grosbein.pp.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3B2EF106567B
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 31 Aug 2011 16:45:18 +0000 (UTC)
	(envelope-from eugen@grosbein.pp.ru)
Received: from eg.sd.rdtc.ru (unknown [IPv6:2a03:3100:c:13::5])
	by mx1.freebsd.org (Postfix) with ESMTP id 7F6118FC19
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 31 Aug 2011 16:45:17 +0000 (UTC)
Received: from grosbein.pp.ru (188-123-32-240.rdtc.ru [188.123.32.240] (may be forged))
	by eg.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id p7VGjGIc046199
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 31 Aug 2011 23:45:16 +0700 (NOVST)
	(envelope-from eugen@grosbein.pp.ru)
Received: from grosbein.pp.ru (localhost [127.0.0.1])
	by grosbein.pp.ru (8.14.4/8.14.4) with ESMTP id p7VGjCjY002536
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 31 Aug 2011 23:45:12 +0700 (NOVST)
	(envelope-from eugen@grosbein.pp.ru)
Received: (from eugen@localhost)
	by grosbein.pp.ru (8.14.4/8.14.4/Submit) id p7VGjCtd002535;
	Wed, 31 Aug 2011 23:45:12 +0700 (NOVST)
	(envelope-from eugen)
Message-Id: <201108311645.p7VGjCtd002535@grosbein.pp.ru>
Date: Wed, 31 Aug 2011 23:45:12 +0700 (NOVST)
From: Eugene Grosbein <eugen@grosbein.pp.ru>
Reply-To: Eugene Grosbein <eugen@grosbein.pp.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] fsck_ffs needs to check d_namlen for zero
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         160339
>Category:       bin
>Synopsis:       [patch] fsck_ffs(8) needs to check d_namlen for zero
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 31 16:50:06 UTC 2011
>Closed-Date:    Fri Sep 16 05:45:52 UTC 2011
>Last-Modified:  Fri Sep 16 05:50:09 UTC 2011
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.2-STABLE FreeBSD 8.2-STABLE #1: Fri Jul 1 18:08:55 NOVST 2011 root@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV amd64

>Description:
	fsck_ffs checks for directory entry is incomplete:
	it does not check if d_namlen is zero.

	OTOH, it checks if namlen > MAXNAMLEN while MAXNAMLEN is 255
	and namlen is 8-bit quantity so this check is always false.
	This check is commented out in NetBSD's fsck_ffs and
	does not exists in OpenBSD's. But they both do not check for zero value.

>How-To-Repeat:
	
	My /usr/local filesystem somehow got corrupted, one of subdirectories
	has a file with zero name length and fsck -y did not find this error.
	I was forced to apply the following patch and only then the error
	was corrected:

** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
DIRECTORY CORRUPTED  I=1531227  OWNER=root MODE=40755
SIZE=4608 MTIME=Aug 30 01:28 2011 
DIR=/obj/usr/local/src/secure/lib/libssh

SALVAGE? [yn] 

** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
LINK COUNT FILE I=24  OWNER=root MODE=100644
SIZE=892 MTIME=Sep 17 11:10 2010  COUNT 2 SHOULD BE 1
ADJUST? [yn] 

** Phase 5 - Check Cyl groups
459580 files, 7411823 used, 7819495 free (105503 frags, 964249 blocks, 0.7% fragmentation)

***** FILE SYSTEM IS CLEAN *****

***** FILE SYSTEM WAS MODIFIED *****

>Fix:

--- sbin/fsck_ffs/dir.c.orig	2011-08-31 22:54:23.000000000 +0700
+++ sbin/fsck_ffs/dir.c	2011-08-31 23:38:33.000000000 +0700
@@ -225,7 +225,7 @@
 	type = dp->d_type;
 	if (dp->d_reclen < size ||
 	    idesc->id_filesize < size ||
-	    namlen > MAXNAMLEN ||
+	    namlen == 0 ||
 	    type > 15)
 		goto bad;
 	for (cp = dp->d_name, size = 0; size < namlen; size++)


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Wed Aug 31 23:27:14 UTC 2011 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=160339 
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Fri Sep 2 17:07:26 UTC 2011 
State-Changed-Why:  
Patched in -HEAD, MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=160339 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/160339: commit references a PR
Date: Fri,  2 Sep 2011 17:05:47 +0000 (UTC)

 Author: delphij
 Date: Fri Sep  2 17:05:34 2011
 New Revision: 225338
 URL: http://svn.freebsd.org/changeset/base/225338
 
 Log:
   Fix the check in dircheck() on namlen.
   
   The value of namlen is copied from on-disk d_namlen, which is a 8-bit
   unsigned integer which can never exceed MAXNAMLEN (255) so the test is
   always true.  Moreover, UFS does not allow d_namelen being zero.
   
   Change namlen from u_int to u_int8_t, and replace the unneeded test
   with a useful test.
   
   PR:		bin/160339
   Submitted by:	Eugene Grosbein <eugen grosbein.pp.ru>
   MFC after:	2 weeks
   Approved by:	re (kib)
 
 Modified:
   head/sbin/fsck_ffs/dir.c
 
 Modified: head/sbin/fsck_ffs/dir.c
 ==============================================================================
 --- head/sbin/fsck_ffs/dir.c	Fri Sep  2 17:05:11 2011	(r225337)
 +++ head/sbin/fsck_ffs/dir.c	Fri Sep  2 17:05:34 2011	(r225338)
 @@ -210,7 +210,7 @@ dircheck(struct inodesc *idesc, struct d
  	size_t size;
  	char *cp;
  	u_char type;
 -	u_int namlen;
 +	u_int8_t namlen;
  	int spaceleft;
  
  	spaceleft = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
 @@ -225,7 +225,7 @@ dircheck(struct inodesc *idesc, struct d
  	type = dp->d_type;
  	if (dp->d_reclen < size ||
  	    idesc->id_filesize < size ||
 -	    namlen > MAXNAMLEN ||
 +	    namlen == 0 ||
  	    type > 15)
  		goto bad;
  	for (cp = dp->d_name, size = 0; size < namlen; size++)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Fri Sep 16 05:45:17 UTC 2011 
State-Changed-Why:  
Patch applied to all supported -STABLE branches, thanks for 
your submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=160339 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/160339: commit references a PR
Date: Fri, 16 Sep 2011 05:45:24 +0000 (UTC)

 Author: delphij
 Date: Fri Sep 16 05:45:13 2011
 New Revision: 225605
 URL: http://svn.freebsd.org/changeset/base/225605
 
 Log:
   MFC r225338:
   
   Fix the check in dircheck() on namlen.
   
   The value of namlen is copied from on-disk d_namlen, which is a 8-bit
   unsigned integer which can never exceed MAXNAMLEN (255) so the test is
   always true.  Moreover, UFS does not allow d_namelen being zero.
   
   Change namlen from u_int to u_int8_t, and replace the unneeded test
   with a useful test.
   
   PR:		bin/160339
   Submitted by:	Eugene Grosbein <eugen grosbein.pp.ru>
 
 Modified:
   stable/8/sbin/fsck_ffs/dir.c
 Directory Properties:
   stable/8/sbin/fsck_ffs/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/7/sbin/fsck_ffs/dir.c
 Directory Properties:
   stable/7/sbin/fsck_ffs/   (props changed)
 
 Modified: stable/8/sbin/fsck_ffs/dir.c
 ==============================================================================
 --- stable/8/sbin/fsck_ffs/dir.c	Fri Sep 16 04:42:05 2011	(r225604)
 +++ stable/8/sbin/fsck_ffs/dir.c	Fri Sep 16 05:45:13 2011	(r225605)
 @@ -210,7 +210,7 @@ dircheck(struct inodesc *idesc, struct d
  	size_t size;
  	char *cp;
  	u_char type;
 -	u_int namlen;
 +	u_int8_t namlen;
  	int spaceleft;
  
  	spaceleft = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
 @@ -225,7 +225,7 @@ dircheck(struct inodesc *idesc, struct d
  	type = dp->d_type;
  	if (dp->d_reclen < size ||
  	    idesc->id_filesize < size ||
 -	    namlen > MAXNAMLEN ||
 +	    namlen == 0 ||
  	    type > 15)
  		goto bad;
  	for (cp = dp->d_name, size = 0; size < namlen; size++)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/160339: commit references a PR
Date: Fri, 16 Sep 2011 05:45:48 +0000 (UTC)

 Author: delphij
 Date: Fri Sep 16 05:45:13 2011
 New Revision: 225605
 URL: http://svn.freebsd.org/changeset/base/225605
 
 Log:
   MFC r225338:
   
   Fix the check in dircheck() on namlen.
   
   The value of namlen is copied from on-disk d_namlen, which is a 8-bit
   unsigned integer which can never exceed MAXNAMLEN (255) so the test is
   always true.  Moreover, UFS does not allow d_namelen being zero.
   
   Change namlen from u_int to u_int8_t, and replace the unneeded test
   with a useful test.
   
   PR:		bin/160339
   Submitted by:	Eugene Grosbein <eugen grosbein.pp.ru>
 
 Modified:
   stable/7/sbin/fsck_ffs/dir.c
 Directory Properties:
   stable/7/sbin/fsck_ffs/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/8/sbin/fsck_ffs/dir.c
 Directory Properties:
   stable/8/sbin/fsck_ffs/   (props changed)
 
 Modified: stable/7/sbin/fsck_ffs/dir.c
 ==============================================================================
 --- stable/7/sbin/fsck_ffs/dir.c	Fri Sep 16 04:42:05 2011	(r225604)
 +++ stable/7/sbin/fsck_ffs/dir.c	Fri Sep 16 05:45:13 2011	(r225605)
 @@ -210,7 +210,7 @@ dircheck(struct inodesc *idesc, struct d
  	size_t size;
  	char *cp;
  	u_char type;
 -	u_int namlen;
 +	u_int8_t namlen;
  	int spaceleft;
  
  	spaceleft = DIRBLKSIZ - (idesc->id_loc % DIRBLKSIZ);
 @@ -225,7 +225,7 @@ dircheck(struct inodesc *idesc, struct d
  	type = dp->d_type;
  	if (dp->d_reclen < size ||
  	    idesc->id_filesize < size ||
 -	    namlen > MAXNAMLEN ||
 +	    namlen == 0 ||
  	    type > 15)
  		goto bad;
  	for (cp = dp->d_name, size = 0; size < namlen; size++)
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
