From: Kalpak Shah <kalpak@clusterfs.com>
Date: Mon, 9 Jul 2007 17:05:45 +0000 (-0400)
Subject: e2fsck: Fix salvage_directory when the last entry's rec_len is too big
X-Git-Tag: v1.40.2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=575307cc63d24766ff789262a5cea7b4faf2fa13;p=thirdparty%2Fe2fsprogs.git

e2fsck: Fix salvage_directory when the last entry's rec_len is too big

  Recently, one of our customers found this message in pass2 of e2fsck
  while doing some regression testing:

  "Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
  rec_len of 14200, should be 26908."

  Both the displayed rec_len and the "should be" value are bogus. The
  reason is that salvage_directory sets a offset beyond blocksize
  leading to bogus messages.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
---

diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c
index e235348c7..5e088e2dd 100644
--- a/e2fsck/pass2.c
+++ b/e2fsck/pass2.c
@@ -675,11 +675,12 @@ static void salvage_directory(ext2_filsys fs,
 		return;
 	}
 	/*
-	 * If the directory entry is a multiple of four, so it is
-	 * valid, let the previous directory entry absorb the invalid
-	 * one. 
+	 * If the record length of the directory entry is a multiple
+	 * of four, and not too big, such that it is valid, let the
+	 * previous directory entry absorb the invalid one.
 	 */
-	if (prev && dirent->rec_len && (dirent->rec_len % 4) == 0) {
+	if (prev && dirent->rec_len && (dirent->rec_len % 4) == 0 &&
+	    (*offset + dirent->rec_len <= fs->blocksize)) {
 		prev->rec_len += dirent->rec_len;
 		*offset += dirent->rec_len;
 		return;
diff --git a/tests/f_baddir2/expect.1 b/tests/f_baddir2/expect.1
new file mode 100644
index 000000000..1bfea69d9
--- /dev/null
+++ b/tests/f_baddir2/expect.1
@@ -0,0 +1,12 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Directory inode 12, block 0, offset 60: directory corrupted
+Salvage? yes
+
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+
+test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
+test_filesys: 15/16 files (0.0% non-contiguous), 23/100 blocks
+Exit status is 1
diff --git a/tests/f_baddir2/expect.2 b/tests/f_baddir2/expect.2
new file mode 100644
index 000000000..b85bbabfc
--- /dev/null
+++ b/tests/f_baddir2/expect.2
@@ -0,0 +1,7 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 15/16 files (0.0% non-contiguous), 23/100 blocks
+Exit status is 0
diff --git a/tests/f_baddir2/image.gz b/tests/f_baddir2/image.gz
new file mode 100644
index 000000000..0d9fcdf7c
Binary files /dev/null and b/tests/f_baddir2/image.gz differ
diff --git a/tests/f_baddir2/name b/tests/f_baddir2/name
new file mode 100644
index 000000000..568a7c96a
--- /dev/null
+++ b/tests/f_baddir2/name
@@ -0,0 +1 @@
+salvage last directory entry