Except for e2fsck (where we want to expose the corrupted directory
entries to e2fsck mostly so that the e2fsck output stays the same on
big-endian machines compared to little-endian machines, so we don't
break our regression tests), if the directory block is corrupted, and
ext2fs_dirent_swab_in[2](), trips across this, return an error. This
will make sure that naive users of libextfs will not try to handle a
corrupted directory block. This prevents potential buffer overruns in
the byte swapping code paths.
This commit does not cause any functional change on little-endian
systems.
Addresses-Coverity-Bug:
1433408
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
mtrace_print("Pass 2");
#endif
+ fs->flags |= EXT2_FLAG_IGNORE_SWAP_DIRENT;
if (!(ctx->options & E2F_OPT_PREEN))
fix_problem(ctx, PR_2_PASS_HEADER, &cd.pctx);
print_resource_track(ctx, _("Pass 2"), &rtrack, fs->io);
cleanup:
ext2fs_free_mem(&buf);
+ fs->flags &= ~EXT2_FLAG_IGNORE_SWAP_DIRENT;
}
#define MAX_DEPTH 32000
#define EXT2_FLAG_BBITMAP_TAIL_PROBLEM 0x1000000
#define EXT2_FLAG_IBITMAP_TAIL_PROBLEM 0x2000000
#define EXT2_FLAG_THREADS 0x4000000
+#define EXT2_FLAG_IGNORE_SWAP_DIRENT 0x8000000
/*
* Special flag in the ext2 inode i_flag field that means that this is
return retval;
if ((rec_len < 8) || (rec_len % 4)) {
rec_len = 8;
- retval = EXT2_ET_DIR_CORRUPTED;
+ if (!(fs->flags & EXT2_FLAG_IGNORE_SWAP_DIRENT))
+ return EXT2_ET_DIR_CORRUPTED;
} else if (((name_len & 0xFF) + 8) > rec_len)
- retval = EXT2_ET_DIR_CORRUPTED;
+ if (!(fs->flags & EXT2_FLAG_IGNORE_SWAP_DIRENT))
+ return EXT2_ET_DIR_CORRUPTED;
if (rec_len > left)
- return EXT2_ET_DIR_CORRUPTED;
+ if (!(fs->flags & EXT2_FLAG_IGNORE_SWAP_DIRENT))
+ return EXT2_ET_DIR_CORRUPTED;
left -= rec_len;
p += rec_len;
}