bin/160339: [patch] fsck_ffs needs to check d_namlen for zero
Eugene Grosbein
eugen at grosbein.pp.ru
Wed Aug 31 16:50:07 UTC 2011
>Number: 160339
>Category: bin
>Synopsis: [patch] fsck_ffs needs to check d_namlen for zero
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 31 16:50:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 8.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.2-STABLE FreeBSD 8.2-STABLE #1: Fri Jul 1 18:08:55 NOVST 2011 root at grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV amd64
>Description:
fsck_ffs checks for directory entry is incomplete:
it does not check if d_namlen is zero.
OTOH, it checks if namlen > MAXNAMLEN while MAXNAMLEN is 255
and namlen is 8-bit quantity so this check is always false.
This check is commented out in NetBSD's fsck_ffs and
does not exists in OpenBSD's. But they both do not check for zero value.
>How-To-Repeat:
My /usr/local filesystem somehow got corrupted, one of subdirectories
has a file with zero name length and fsck -y did not find this error.
I was forced to apply the following patch and only then the error
was corrected:
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
DIRECTORY CORRUPTED I=1531227 OWNER=root MODE=40755
SIZE=4608 MTIME=Aug 30 01:28 2011
DIR=/obj/usr/local/src/secure/lib/libssh
SALVAGE? [yn]
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
LINK COUNT FILE I=24 OWNER=root MODE=100644
SIZE=892 MTIME=Sep 17 11:10 2010 COUNT 2 SHOULD BE 1
ADJUST? [yn]
** Phase 5 - Check Cyl groups
459580 files, 7411823 used, 7819495 free (105503 frags, 964249 blocks, 0.7% fragmentation)
***** FILE SYSTEM IS CLEAN *****
***** FILE SYSTEM WAS MODIFIED *****
>Fix:
--- sbin/fsck_ffs/dir.c.orig 2011-08-31 22:54:23.000000000 +0700
+++ sbin/fsck_ffs/dir.c 2011-08-31 23:38:33.000000000 +0700
@@ -225,7 +225,7 @@
type = dp->d_type;
if (dp->d_reclen < size ||
idesc->id_filesize < size ||
- namlen > MAXNAMLEN ||
+ namlen == 0 ||
type > 15)
goto bad;
for (cp = dp->d_name, size = 0; size < namlen; size++)
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list