| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With aligned attribute many blkid tests fail with following error. So
instead of aligning to 4K add padding that makes the struct same size
without causing asan trip over.
libblkid/src/superblocks/drbd.c:179:6: runtime error: member access
within misaligned address 0x55913d7e6958 for type 'struct
meta_data_on_disk_9', which requires 4096 byte alignment
In zfs structure it seems compiler is adding padding, that does not mix well
with be32_to_cpu() and other bit operations.
libblkid/src/superblocks/zfs.c:109:23: runtime error: load of misaligned
address 0x7ff6406540e4 for type 'uint32_t' (aka 'unsigned int'), which
requires 8 byte alignment
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
| |
This change fixes "warning: variable 'var' may be uninitialized when used
here [-Wconditional-uninitialized]" warnings reported in various files.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
| |
* use "const" in functions where we don't modify arguments
* use "const" when cast from const buffer to any struct (superblock etc.)
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
| |
Reported-by: L A Walsh <lkml@tlinx.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A corrupted ZFS filesystem can trigger 32-bit endian-conversions of
unintended memory locations in zfs_extract_guid_name(), in several ways:
* The variable "left" (number of bytes remaining in the buffer) does not
account for the 12 bytes of the nvlist header.
* The field nvp->nvp_namelen (name length in name/value pair) is rounded
up to the nearest multiple of 4, but only the unrounded size is checked.
* The fields nvs->nvs_type, nvs_strlen, etc. are modified _before_ checking
if they are within bounds.
* A negative value of nvp->nvp_namelen will bypass the check that
nvp->nvp_namelen fits into nvp->nvp_size (size of name/value pair).
This allows for mangling of locations up to 12 + 3 + 8 == 23
bytes beyond the end of stack-based buff[4096], and up to 2**31 bytes
before its beginning.
Furthermore some debugging messages are printed from unchecked memory
locations, possibly resulting in OOB reads or setuid programs leaking
sensitive data when LIBBLKID_DEBUG is set.
This fix attempts to correct all of these problems. It also eliminates the
stack-based buffer (in case anything else was missed) and refactors things
a bit to (hopefully) make it easier to spot any mistakes.
Signed-off-by: Alden Tondettar <alden.tondettar@gmail.com>
|
|
|
|
| |
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
64 bit systems can trigger an out of boundary access while performing
a ZFS superblock probe.
This happens due to a possible integer overflow while calculating
the remaining available bytes. The variable is of type "int" and the
string length is allowed to be larger than INT_MAX, which means that
avail calculation can overflow, circumventing the "avail < 0" check and
therefore accessing memory outside the "buff" array later on.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
|
|
|
|
|
|
| |
The oclint was complaining 'empty do/while statement' that turned out to be
true and I started to think it is best to use the same DBG() macro as in
other source files for this library.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
| |
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
|
|
|
|
|
|
|
|
| |
[libblkid/src/superblocks/zfs.c:179]: (portability) 'label' is of type 'const void *'. When using void pointers in calculations, the behaviour is undefined.
[libblkid/src/superblocks/zfs.c:237]: (portability) 'label' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[libblkid/src/topology/topology.c:221]: (portability) 'chn.data' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[libmount/src/fs.c:153]: (portability) 'old' is of type 'const void *'. When using void pointers in calculations, the behaviour is undefined.
[libmount/src/fs.c:154]: (portability) 'new' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
|
|
|
|
|
| |
[libblkid/src/superblocks/zfs.c:173]: (error) Shifting 32-bit value by 56 bits is undefined behaviour
[libblkid/src/superblocks/zfs.c:173]: (error) Shifting 32-bit value by 40 bits is undefined behaviour
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
libblkid/src/superblocks/zfs.c: In function 'probe_zfs':
libblkid/src/superblocks/zfs.c:199:11: warning: unused variable 'swab_magic' [-Wunused-variable]
Signed-off-by: Karel Zak <kzak@redhat.com>
|
| |
|
|
|
|
| |
Try to use all the possible uberblock locations.
|
|
|
|
|
|
|
|
|
|
| |
While digging deeper into libblk probing, I found that some
computations might wrap and allocate too few buffer space which then
overflows. In particular on 32bit systems (chromebook) where size_t is
32bit, this is problematic (for 64bit the result fits into the calloc
size_t).
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the previous patch the scanning functions were
modified to return a differentiated return code.
To correctly abort scanning when an I/O error occurs
we need to differentiate between 'error' (= -1) and
'not found' (= 1) in the probe functions.
This patch updates all superblock scanning functions
to the new calling convention.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# wipefs /dev/sdd1
offset type
----------------------------------------------------------------
0x65000 zfs_member [raid]
LABEL: zm1
UUID: 18067835215330778964
and "wipefs -o 0x65000 /dev/sdd1" seems to run in an endless loop.
Reported-by: Helmut Hullen <Hullen@t-online.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
| |
- use stderr only
- use BLKID_ prefix for debug masks
- don't use \n in in messages and don't use printf(),
but use generic blkid_debug().
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
-Wsign-compare]
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|