bin/160339: [patch] fsck_ffs needs to check d_namlen for zero

Eugene Grosbein eugen at grosbein.pp.ru
Wed Aug 31 16:50:07 UTC 2011


>Number:         160339
>Category:       bin
>Synopsis:       [patch] fsck_ffs needs to check d_namlen for zero
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 31 16:50:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.2-STABLE FreeBSD 8.2-STABLE #1: Fri Jul 1 18:08:55 NOVST 2011 root at grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV amd64

>Description:
	The fsck_ffs check for a directory entry is incomplete:
	it does not check if d_namlen is zero.

	OTOH, it checks if namlen > MAXNAMLEN while MAXNAMLEN is 255
	and namlen is an 8-bit quantity, so this check is always false.
	This check is commented out in NetBSD's fsck_ffs and
	does not exist in OpenBSD's. But neither of them checks for a zero value.

>How-To-Repeat:
	
	My /usr/local filesystem somehow got corrupted; one of the subdirectories
	has a file with zero name length and fsck -y did not find this error.
	I was forced to apply the following patch and only then the error
	was corrected:

** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
DIRECTORY CORRUPTED  I=1531227  OWNER=root MODE=40755
SIZE=4608 MTIME=Aug 30 01:28 2011 
DIR=/obj/usr/local/src/secure/lib/libssh

SALVAGE? [yn] 

** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
LINK COUNT FILE I=24  OWNER=root MODE=100644
SIZE=892 MTIME=Sep 17 11:10 2010  COUNT 2 SHOULD BE 1
ADJUST? [yn] 

** Phase 5 - Check Cyl groups
459580 files, 7411823 used, 7819495 free (105503 frags, 964249 blocks, 0.7% fragmentation)

***** FILE SYSTEM IS CLEAN *****

***** FILE SYSTEM WAS MODIFIED *****

>Fix:

--- sbin/fsck_ffs/dir.c.orig	2011-08-31 22:54:23.000000000 +0700
+++ sbin/fsck_ffs/dir.c	2011-08-31 23:38:33.000000000 +0700
@@ -225,7 +225,7 @@
 	type = dp->d_type;
 	if (dp->d_reclen < size ||
 	    idesc->id_filesize < size ||
-	    namlen > MAXNAMLEN ||
+	    namlen == 0 ||
 	    type > 15)
 		goto bad;
 	for (cp = dp->d_name, size = 0; size < namlen; size++)
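
Review bot: The replaced condition line deletes the `namlen > MAXNAMLEN` bound instead of keeping it next to the new `namlen == 0` test, and the declaration of namlen is not part of this hunk, so its width cannot be confirmed from these lines. If namlen is 8 bits wide here, a short comment beside the new test saying why no upper bound is needed would document that; if it is wider, keep both conditions. Please also confirm that unused directory slots are filtered out before this condition is reached, so that a zero length in a free slot is not reported as corruption.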


>Release-Note:
>Audit-Trail:
>Unformatted:
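
The entry check discussed in this report, as a stand-alone added example (not code from fsck_ffs or from the submitter): a simplified validator for one in-use directory entry that rejects a zero name length. `struct dirent_hdr`, `check_entry`, `make_entry` and the status names are hypothetical, the header layout is an assumption, and the sample entries are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified entry header; the layout is an assumption of this example. */
struct dirent_hdr {
    uint32_t d_ino;
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_namlen; /* 8 bits wide, so "d_namlen > 255" can never be true */
};

enum de_status { DE_OK, DE_BAD_RECLEN, DE_ZERO_NAME, DE_BAD_TYPE, DE_BAD_NAME };

/* Smallest record that holds header, name and NUL, rounded up to 4 bytes. */
static size_t min_reclen(uint8_t namlen) {
    return (sizeof(struct dirent_hdr) + namlen + 1 + 3) & ~(size_t)3;
}

/* Validate the in-use entry at buf; `left` is the bytes remaining in the block. */
enum de_status check_entry(const unsigned char *buf, size_t left) {
    struct dirent_hdr h;
    if (left < sizeof h) return DE_BAD_RECLEN;
    memcpy(&h, buf, sizeof h);
    if (h.d_reclen == 0 || h.d_reclen > left || (h.d_reclen & 3) != 0 ||
        h.d_reclen < min_reclen(h.d_namlen)) return DE_BAD_RECLEN;
    if (h.d_namlen == 0) return DE_ZERO_NAME;   /* the case the report describes */
    if (h.d_type > 15) return DE_BAD_TYPE;
    const unsigned char *name = buf + sizeof h;
    for (size_t i = 0; i < h.d_namlen; i++)
        if (name[i] == '\0' || name[i] == '/') return DE_BAD_NAME;
    return name[h.d_namlen] == '\0' ? DE_OK : DE_BAD_NAME;
}

/* Build a constructed sample entry in out (reclen bytes, zero padded). */
void make_entry(unsigned char *out, uint16_t reclen, uint8_t type, const char *name) {
    struct dirent_hdr h = { 24, reclen, type, (uint8_t)strlen(name) };
    memset(out, 0, reclen);
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, name, h.d_namlen);
}

int main(void) {
    unsigned char good[16], empty[12];
    make_entry(good, 16, 4, "libssh");
    make_entry(empty, 12, 8, "");
    return !(check_entry(good, sizeof good) == DE_OK &&
             check_entry(empty, sizeof empty) == DE_ZERO_NAME);
}
```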

