Date: Mon, 10 Mar 2008 13:40:05 GMT From: Jaakko Heinonen <jh@saunalahti.fi> To: freebsd-geom@FreeBSD.org Subject: Re: kern/121559: [patch] [geom] geom label class allows to create inaccessible labels Message-ID: <200803101340.m2ADe54p005929@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/121559; it has been noted by GNATS.
From: Jaakko Heinonen <jh@saunalahti.fi>
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/121559: [patch] [geom] geom label class allows to create
inaccessible labels
Date: Mon, 10 Mar 2008 15:35:56 +0200
--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
For some reason the report was truncated. Patch is attached to this mail
and here is the complete "How-To-Repeat:"-section:
(You need sysutils/e2fsprogs from ports.)
# dd if=/dev/zero of=e2img bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes transferred in 0.334605 secs (31337729 bytes/sec)
# mdconfig -a -t vnode -f e2img
md0
# mke2fs /dev/md0
.
.
# e2label /dev/md0 /
# ls -ia /dev/ext2fs/
ls: : No such file or directory
120 . 2 ..
# e2label /dev/md0 /foo
# dmesg|tail -1
GEOM_LABEL: Label for provider md0 is ext2fs//foo.
# ls -ia /dev/ext2fs/
ls: : No such file or directory
# e2label /dev/md0 foo/
# dmesg|tail -1
GEOM_LABEL: Label for provider md0 is ext2fs/foo/.
# ls -ia /dev/ext2fs/
ls: : No such file or directory
120 . 2 .. 122 foo
# ls -ia /dev/ext2fs/foo/
ls: : No such file or directory
122 . 120 ..
# glabel create /..bar/.. md0
# glabel status
Name Status Components
ext2fs/foo/ N/A md0
label//..bar/.. N/A md0
# ls -ia /dev/label/
ls: : No such file or directory
124 . 2 .. 125 foo
# ls -ia /dev/label/foo/
125 . 124 .. 126 ..bar..
# glabel create '' md0
After applying the patch:
# dd if=/dev/zero of=e2img bs=1M count=10
# mdconfig -a -t vnode -f e2img
md0
# mke2fs /dev/md0
.
.
# e2label /dev/md0 /
# dmesg|tail -1
GEOM_LABEL: md0 contains suspicious label, skipping.
# e2label /dev/md0 /foo
# dmesg|tail -1
GEOM_LABEL: md0 contains suspicious label, skipping.
# e2label /dev/md0 foo/
# dmesg|tail -1
GEOM_LABEL: md0 contains suspicious label, skipping.
# glabel create /..bar/.. md0
glabel: Label name /..bar/.. is invalid.
# glabel create '' md0
glabel: Label name is invalid.
--
Jaakko
--fdj2RfSjLxBAspz7
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="geom-label-allowed-names.diff"
Index: label/g_label.c
===================================================================
RCS file: /home/ncvs/src/sys/geom/label/g_label.c,v
retrieving revision 1.21
diff -p -u -r1.21 g_label.c
--- label/g_label.c 12 Aug 2006 15:30:24 -0000 1.21
+++ label/g_label.c 10 Mar 2008 10:34:26 -0000
@@ -122,14 +122,24 @@ g_label_is_name_ok(const char *label)
{
const char *s;
- /* Check is the label starts from ../ */
+ /* Don't allow empty labels */
+ if (label[0] == '\0')
+ return (0);
+ /* Check if the label starts with '/' */
+ if (label[0] == '/')
+ return (0);
+ /* Check if the label starts from ../ */
if (strncmp(label, "../", 3) == 0)
return (0);
- /* Check is the label contains /../ */
+ /* Check if the label contains /../ */
if (strstr(label, "/../") != NULL)
return (0);
- /* Check is the label ends at ../ */
- if ((s = strstr(label, "/..")) != NULL && s[3] == '\0')
+ /* Check if the label ends at /.. */
+ for (s = label; (s = strstr(s, "/..")) != NULL; s++)
+ if (s[3] == '\0')
+ return (0);
+ /* Check if the label ends with '/' */
+ if ((s = rindex(label, '/')) != NULL && s[1] == '\0')
return (0);
return (1);
}
@@ -149,6 +159,8 @@ g_label_create(struct gctl_req *req, str
G_LABEL_DEBUG(0, "%s contains suspicious label, skipping.",
pp->name);
G_LABEL_DEBUG(1, "%s suspicious label is: %s", pp->name, label);
+ if (req != NULL)
+ gctl_error(req, "Label name %s is invalid.", label);
return (NULL);
}
gp = NULL;
@@ -340,7 +352,7 @@ g_label_ctl_create(struct gctl_req *req,
return;
}
if (*nargs != 2) {
- gctl_error(req, "Invalid number of argument.");
+ gctl_error(req, "Invalid number of arguments.");
return;
}
/*
--fdj2RfSjLxBAspz7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803101340.m2ADe54p005929>