mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Richard Weinberger <richard@nod.at>
Subject: [PATCH 0/6] squashfs: harden against crafted metadata
Date: Wed, 17 Jul 2024 08:33:22 +0200
Message-ID: <20240717063328.2810835-1-a.fatoum@pengutronix.de>

Richard reports[1] that barebox is susceptible to a number of memory safety
issues when parsing crafted squashfs files, which have been fixed in the
upstream Linux implementation in the meantime.

Import the mentioned commits from Linux to fix this:

  01cfb7937a9af ("squashfs: be more careful about metadata corruption")
  d512584780d3e ("squashfs: more metadata hardening")
  cdbb65c4c7ead ("squashfs metadata 2: electric boogaloo")
  71755ee5350b6 ("squashfs: more metadata hardening")
  a3f94cb99a854 ("Squashfs: Compute expected length from inode size rather than block length")

A full synchronization of the squashfs code is probably also in order,
e.g. to support block sizes other than the default 128K, but
cherry-picking these changes is quite straightforward, so let's do that
now.

[1]: https://lore.barebox.org/barebox/2572594.vzjCzTo3RI@somecomputer/


Ahmad Fatoum (6):
  squashfs: be more careful about metadata corruption
  squashfs: more metadata hardening
  squashfs metadata 2: electric boogaloo
  squashfs: more metadata hardening
  Squashfs: Compute expected length from inode size rather than block
    length
  squashfs: refuse mount of squashfs images with non-128K block size

 fs/squashfs/Kconfig          |  5 +---
 fs/squashfs/block.c          |  2 ++
 fs/squashfs/cache.c          |  3 ++
 fs/squashfs/file.c           | 57 ++++++++++++++++++++++--------------
 fs/squashfs/file_cache.c     |  7 +++--
 fs/squashfs/fragment.c       | 17 ++++++-----
 fs/squashfs/squashfs.h       |  4 +--
 fs/squashfs/squashfs_fs.h    | 11 +++++++
 fs/squashfs/squashfs_fs_sb.h |  1 +
 fs/squashfs/super.c          | 12 ++++++--
 10 files changed, 79 insertions(+), 40 deletions(-)

-- 
2.39.2
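
An added example, not code from this patch series, from barebox or from Linux: a pre-flight check that an image's superblock declares the default 128K block size and that its redundant block_size and block_log fields agree, which is the property the last patch title refers to. It assumes the standard little-endian SquashFS 4.0 superblock layout (magic at offset 0, block_size at offset 12, block_log at offset 22, 96 bytes in total); all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SQFS_MAGIC      0x73717368u    /* bytes "hsqs" on disk (little-endian) */
#define SQFS_SB_SIZE    96             /* size of the v4 on-disk superblock */
#define SQFS_BLOCK_128K (128u * 1024u)

enum { SQFS_OK = 0, SQFS_SHORT = -1, SQFS_BAD_MAGIC = -2,
       SQFS_LOG_MISMATCH = -3, SQFS_NOT_128K = -4 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Validate the superblock fields that describe the data block size. */
int sqfs_check_superblock(const uint8_t *buf, size_t len)
{
	if (len < SQFS_SB_SIZE)
		return SQFS_SHORT;
	if (le32(buf) != SQFS_MAGIC)
		return SQFS_BAD_MAGIC;

	uint32_t block_size = le32(buf + 12);   /* block_size field */
	uint16_t block_log  = le16(buf + 22);   /* log2(block_size) field */

	/* The two fields are redundant; a crafted image can make them disagree. */
	if (block_log > 31 || block_size != (1u << block_log))
		return SQFS_LOG_MISMATCH;
	if (block_size != SQFS_BLOCK_128K)
		return SQFS_NOT_128K;
	return SQFS_OK;
}

/* Build a constructed (not real) superblock with the given fields and check it. */
int sqfs_check_sample(uint32_t block_size, uint16_t block_log)
{
	uint8_t sb[SQFS_SB_SIZE] = { 'h', 's', 'q', 's' };
	for (int i = 0; i < 4; i++)
		sb[12 + i] = (uint8_t)(block_size >> (8 * i));
	sb[22] = (uint8_t)block_log;
	sb[23] = (uint8_t)(block_log >> 8);
	return sqfs_check_superblock(sb, sizeof(sb));
}

int main(void)
{
	printf("128K/17: %d\n", sqfs_check_sample(SQFS_BLOCK_128K, 17));
	printf("64K/16:  %d\n", sqfs_check_sample(64 * 1024, 16));
	printf("128K/12: %d\n", sqfs_check_sample(SQFS_BLOCK_128K, 12));
	return 0;
}
```
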





Thread overview: 8+ messages
2024-07-17  6:33 Ahmad Fatoum [this message]
2024-07-17  6:33 ` [PATCH 1/6] squashfs: be more careful about metadata corruption Ahmad Fatoum
2024-07-17  6:33 ` [PATCH 2/6] squashfs: more metadata hardening Ahmad Fatoum
2024-07-17  6:33 ` [PATCH 3/6] squashfs metadata 2: electric boogaloo Ahmad Fatoum
2024-07-17  6:33 ` [PATCH 4/6] squashfs: more metadata hardening Ahmad Fatoum
2024-07-17  6:33 ` [PATCH 5/6] Squashfs: Compute expected length from inode size rather than block length Ahmad Fatoum
2024-07-17  6:33 ` [PATCH 6/6] squashfs: refuse mount of squashfs images with non-128K block size Ahmad Fatoum
2024-07-19  6:36 ` [PATCH 0/6] squashfs: harden against crafted metadata Sascha Hauer
