From nobody@FreeBSD.org  Mon Mar 10 13:05:22 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E6FDC1065671
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 13:05:22 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id EBD0B8FC23
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 13:05:22 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m2AD2A1i063752
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 13:02:11 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m2AD2AwZ063751;
	Mon, 10 Mar 2008 13:02:10 GMT
	(envelope-from nobody)
Message-Id: <200803101302.m2AD2AwZ063751@www.freebsd.org>
Date: Mon, 10 Mar 2008 13:02:10 GMT
From: Jaakko Heinonen <jh@saunalahti.fi>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] [geom] geom label class allows to create inaccessible labels
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         121559
>Category:       kern
>Synopsis:       [patch] [geom] geom label class allows to create inaccessible labels
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 10 13:10:03 UTC 2008
>Closed-Date:    Wed Dec 01 19:30:47 UTC 2010
>Last-Modified:  Wed Dec 01 19:30:47 UTC 2010
>Originator:     Jaakko Heinonen
>Release:        7.0-RELEASE / 8.0-CURRENT
>Organization:
>Environment:
>Description:
GEOM label class allows to create labels which are inaccessible through the label names and causes invalid entries to be created under /dev tree. Here are examples of such names:

/ (slash)
/foo (label starting with slash)
foo/ (label ending with slash)
/..bar/.. (label ending with /..)
(empty string)

There's supposedly a code in g_label_is_name_ok() (src/sys/geom/label/g_label.c) that prevents labels ending with "/.." to be created:

       /* Check is the label ends at ../ */
       if ((s = strstr(label, "/..")) != NULL && s[3] == '\0')
                return (0);

However the code is incorrect and it allow for example a label named "/..bar/.." to be created.

Following patch disallows these label names:
- empty labels
- labels starting or ending with '/'
- labels ending with "/.."

The patch also corrects some typos in comments, adds a proper error reporting when invalid labels are tried to create with glabel(8) and corrects a typo in error message.

>How-To-Repeat:
(You need sysutils/e2fsprogs from ports.)

# dd if=/dev/zero of=e2img bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes transferred in 0.334605 secs (31337729 bytes/sec)
# mdconfig -a -t vnode -f e2img
md0
# mke2fs /dev/md0
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-geom 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Mar 10 13:27:39 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121559 

From: Jaakko Heinonen <jh@saunalahti.fi>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/121559: [patch] [geom] geom label class allows to create
	inaccessible labels
Date: Mon, 10 Mar 2008 15:35:56 +0200

 --fdj2RfSjLxBAspz7
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 
 For some reason the report was truncated. Patch is attached to this mail
 and here is the complete "How-To-Repeat:"-section:
 
 (You need sysutils/e2fsprogs from ports.)
 
 # dd if=/dev/zero of=e2img bs=1M count=10
 10+0 records in
 10+0 records out
 10485760 bytes transferred in 0.334605 secs (31337729 bytes/sec)
 # mdconfig -a -t vnode -f e2img
 md0
 # mke2fs /dev/md0
 .
 .
 # e2label /dev/md0 /
 # ls -ia /dev/ext2fs/
 ls: : No such file or directory
 120 .     2 ..
 # e2label /dev/md0 /foo
 # dmesg|tail -1
 GEOM_LABEL: Label for provider md0 is ext2fs//foo.
 # ls -ia /dev/ext2fs/
 ls: : No such file or directory
 # e2label /dev/md0 foo/
 # dmesg|tail -1
 GEOM_LABEL: Label for provider md0 is ext2fs/foo/.
 # ls -ia /dev/ext2fs/
 ls: : No such file or directory
 120 .     2 ..  122 foo
 # ls -ia /dev/ext2fs/foo/
 ls: : No such file or directory
 122 .   120 ..
 # glabel create /..bar/.. md0
 # glabel status
            Name  Status  Components
     ext2fs/foo/     N/A  md0
 label//..bar/..     N/A  md0
 # ls -ia /dev/label/
 ls: : No such file or directory
 124 .     2 ..  125 foo
 # ls -ia /dev/label/foo/
 125 .           124 ..          126 ..bar..
 # glabel create '' md0
 
 
 After applying the patch:
 
 # dd if=/dev/zero of=e2img bs=1M count=10
 # mdconfig -a -t vnode -f e2img
 md0
 # mke2fs /dev/md0
 .
 .
 # e2label /dev/md0 /
 # dmesg|tail -1
 GEOM_LABEL: md0 contains suspicious label, skipping.
 # e2label /dev/md0 /foo
 # dmesg|tail -1
 GEOM_LABEL: md0 contains suspicious label, skipping.
 # e2label /dev/md0 foo/
 # dmesg|tail -1
 GEOM_LABEL: md0 contains suspicious label, skipping.
 # glabel create /..bar/.. md0
 glabel: Label name /..bar/.. is invalid.
 # glabel create '' md0
 glabel: Label name  is invalid.
 
 -- 
 Jaakko
 
 --fdj2RfSjLxBAspz7
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="geom-label-allowed-names.diff"
 
 Index: label/g_label.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/geom/label/g_label.c,v
 retrieving revision 1.21
 diff -p -u -r1.21 g_label.c
 --- label/g_label.c	12 Aug 2006 15:30:24 -0000	1.21
 +++ label/g_label.c	10 Mar 2008 10:34:26 -0000
 @@ -122,14 +122,24 @@ g_label_is_name_ok(const char *label)
  {
  	const char *s;
  
 -	/* Check is the label starts from ../ */
 +	/* Don't allow empty labels */
 +	if (label[0] == '\0')
 +		return (0);
 +	/* Check if the label starts with '/' */
 +	if (label[0] == '/')
 +		return (0);
 +	/* Check if the label starts from ../ */
  	if (strncmp(label, "../", 3) == 0)
  		return (0);
 -	/* Check is the label contains /../ */
 +	/* Check if the label contains /../ */
  	if (strstr(label, "/../") != NULL)
  		return (0);
 -	/* Check is the label ends at ../ */
 -	if ((s = strstr(label, "/..")) != NULL && s[3] == '\0')
 +	/* Check if the label ends at /.. */
 +	for (s = label; (s = strstr(s, "/..")) != NULL; s++)
 +		if (s[3] == '\0')
 +			return (0);
 +	/* Check if the label ends with '/' */
 +	if ((s = rindex(label, '/')) != NULL && s[1] == '\0')
  		return (0);
  	return (1);
  }
 @@ -149,6 +159,8 @@ g_label_create(struct gctl_req *req, str
  		G_LABEL_DEBUG(0, "%s contains suspicious label, skipping.",
  		    pp->name);
  		G_LABEL_DEBUG(1, "%s suspicious label is: %s", pp->name, label);
 +		if (req != NULL)
 +			gctl_error(req, "Label name %s is invalid.", label);
  		return (NULL);
  	}
  	gp = NULL;
 @@ -340,7 +352,7 @@ g_label_ctl_create(struct gctl_req *req,
  		return;
  	}
  	if (*nargs != 2) {
 -		gctl_error(req, "Invalid number of argument.");
 +		gctl_error(req, "Invalid number of arguments.");
  		return;
  	}
  	/*
 
 --fdj2RfSjLxBAspz7--
Responsible-Changed-From-To: freebsd-geom->jh 
Responsible-Changed-By: jh 
Responsible-Changed-When: Thu Oct 28 11:29:38 UTC 2010 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121559 
State-Changed-From-To: open->closed 
State-Changed-By: jh 
State-Changed-When: Wed Dec 1 19:30:45 UTC 2010 
State-Changed-Why:  
Mostly resolved in r214063 and r216098. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121559 
>Unformatted:
