From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97191+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97191+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602277; cv=none;
	d=zohomail.com; s=zohoarc;
	b=P+JQdexh2Lp9lA2hEiCErz4wcms3uFkI+uhNMdXGraRkWav8G9ZS5P7IYNYnru6Tv2bU8y0J50Xtu+tl4xS3P6zjyYVItiRe5ZmaswKvJIodJ+kfAKZTgjkre25EcqnYACQc8A/SbRulapeUPWM3wy+jX1QQaTAglOyuuhjVuh4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602277;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=ihXTuaxb4bKOYefdO9fBzX9rx6iUa4qMly+4R2EA3IQ=;
	b=XtidlPqcpuAAuLYnQgrf4IQpRoCVzfiPlU/CdABK1BHHk+KB/WX44hqTsvdrfZ0LYaloRGZK9U6eypC2bg9Ml0JZNW0YW5xciOrk+vtr4LgGZrv1cIi4ypEbuyF7lbTFbDCjIXFDCOwN2cxp6zqHiCRd73PJSZU3UPFkinLasr8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97191+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602277689687.0690199289389;
 Fri, 9 Dec 2022 08:11:17 -0800 (PST)
Return-Path: <bounce+27952+97191+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id zZyaYY1788612xsZ7keYVU1i;
 Fri, 09 Dec 2022 08:11:17 -0800
X-Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com
 [209.85.167.46])
 by mx.groups.io with SMTP id smtpd.web11.5560.1670602276434237032
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:16 -0800
X-Received: by mail-lf1-f46.google.com with SMTP id cf42so7801066lfb.1
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:16 -0800 (PST)
X-Gm-Message-State: 1TARuyZeEoR2MpVNtyEdE1cDx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4/aBZkUcKeyoHiwajYn6js8HwW8wpXG+n5m8iE86LOZkb8gwigB9j5EgLHxenlAiimS07mbw==
X-Received: by 2002:ac2:5e63:0:b0:4b5:8054:1ded with SMTP id
 a3-20020ac25e63000000b004b580541dedmr1604509lfr.9.1670602274492;
        Fri, 09 Dec 2022 08:11:14 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.13
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:14 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 01/12] Ext4Pkg: Fix memory
 leak in Ext4RetrieveDirent
Date: Fri,  9 Dec 2022 22:10:53 +0600
Message-Id: <20221209161104.70220-2-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602277;
 bh=0Oh4dTYPk7/vWJZF2xFH4MY24syUklIfjJliJ7WrvZk=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=LFrux5Uia1tAuAs4yGlDM/NBdpLsqmdLVl7UPIpeSkVfR9sBkj0EO7PQpyfehdwt0cs
 c7OL0zmy25N0WKWbqL30IE7pX+v1h2/fa6jBWWwrfK4pmLh+bxAF1oRiGyIKI9C2ocP7c
 +ZRgjG8Xw+freh5n5owvKmpJkrD35dfi3xM=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602279535100006
Content-Type: text/plain; charset="utf-8"

We need to free buffer on return if BlockRemainder !=3D 0. Also changed
return logic from function to use use common exit to prevent code
duplication.

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Directory.c | 30 +++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx=
e/Directory.c
index 4441e6d192b6..8b8fce568e43 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Directory.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c
@@ -112,8 +112,7 @@ Ext4RetrieveDirent (
   UINTN           ToCopy;

   UINTN           BlockOffset;

=20

-  Status =3D EFI_NOT_FOUND;

-  Buf    =3D AllocatePool (Partition->BlockSize);

+  Buf =3D AllocatePool (Partition->BlockSize);

=20

   if (Buf =3D=3D NULL) {

     return EFI_OUT_OF_RESOURCES;

@@ -127,7 +126,8 @@ Ext4RetrieveDirent (
   DivU64x32Remainder (DirInoSize, Partition->BlockSize, &BlockRemainder);

   if (BlockRemainder !=3D 0) {

     // Directory inodes need to have block aligned sizes

-    return EFI_VOLUME_CORRUPTED;

+    Status =3D EFI_VOLUME_CORRUPTED;

+    goto Out;

   }

=20

   while (Off < DirInoSize) {

@@ -136,8 +136,7 @@ Ext4RetrieveDirent (
     Status =3D Ext4Read (Partition, Directory, Buf, Off, &Length);

=20

     if (Status !=3D EFI_SUCCESS) {

-      FreePool (Buf);

-      return Status;

+      goto Out;

     }

=20

     for (BlockOffset =3D 0; BlockOffset < Partition->BlockSize; ) {

@@ -145,19 +144,19 @@ Ext4RetrieveDirent (
       RemainingBlock =3D Partition->BlockSize - BlockOffset;

       // Check if the minimum directory entry fits inside [BlockOffset, En=
dOfBlock]

       if (RemainingBlock < EXT4_MIN_DIR_ENTRY_LEN) {

-        FreePool (Buf);

-        return EFI_VOLUME_CORRUPTED;

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       if (!Ext4ValidDirent (Entry)) {

-        FreePool (Buf);

-        return EFI_VOLUME_CORRUPTED;

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       if ((Entry->name_len > RemainingBlock) || (Entry->rec_len > Remainin=
gBlock)) {

         // Corrupted filesystem

-        FreePool (Buf);

-        return EFI_VOLUME_CORRUPTED;

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       // Unused entry

@@ -186,8 +185,8 @@ Ext4RetrieveDirent (
         ToCopy =3D MIN (Entry->rec_len, sizeof (EXT4_DIR_ENTRY));

=20

         CopyMem (Result, Entry, ToCopy);

-        FreePool (Buf);

-        return EFI_SUCCESS;

+        Status =3D EFI_SUCCESS;

+        goto Out;

       }

=20

       BlockOffset +=3D Entry->rec_len;

@@ -196,8 +195,11 @@ Ext4RetrieveDirent (
     Off +=3D Partition->BlockSize;

   }

=20

+  Status =3D EFI_NOT_FOUND;

+

+Out:

   FreePool (Buf);

-  return EFI_NOT_FOUND;

+  return Status;

 }

=20

 /**

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97191): https://edk2.groups.io/g/devel/message/97191
Mute This Topic: https://groups.io/mt/95563273/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97192+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97192+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602283; cv=none;
	d=zohomail.com; s=zohoarc;
	b=StXPqLCjf4/DLlpyUHvsjEmLkxzCf1KeR+mADvWKX2uDnEG5V01vEOr5nihwHlHOhsTDA14t8cdU+UrKqnV8HQm73zia2SUNwBnf8O/jurYR533W3u05twjxX9o3KK5oLPn4wzo8Fr5xCmeGMInCSvamui/LFPKRvINq82mPkhI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602283;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=Py+xj5xNkPiiU6bK7FMRSXtoSaOBSqz8dYJpUyT0vZs=;
	b=ECSV+WBix9MPYSvmGdrKmHgjeJ+NtDvGTbfblHumDPhQIznP06lM1SFC8V1ZkYDA5T2lAA1nyxeeDHNr1RCfaIMKzkpISYbuarLpye3WA6EINd8072ss6pycfgFoLFwhTIgdAbaTcfnq6/g5yimUYr65/k088lpkz9QPeUDHCHo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97192+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 167060228397110.901756244084822;
 Fri, 9 Dec 2022 08:11:23 -0800 (PST)
Return-Path: <bounce+27952+97192+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id fdcZYY1788612x7fhpBVle6e;
 Fri, 09 Dec 2022 08:11:23 -0800
X-Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com
 [209.85.167.48])
 by mx.groups.io with SMTP id smtpd.web11.5561.1670602277630375568
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:17 -0800
X-Received: by mail-lf1-f48.google.com with SMTP id y25so7747082lfa.9
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:17 -0800 (PST)
X-Gm-Message-State: xp5FvD2bt4HTC0QoubCG8zDAx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4DtyCCgwi4Sr5lvrOrWuEjH1mJrc0LnSHcrz1actiNjXmljuYOiApXiO1rf8rtPGoRAY7PTg==
X-Received: by 2002:ac2:58e4:0:b0:4ac:a69f:29a2 with SMTP id
 v4-20020ac258e4000000b004aca69f29a2mr1764758lfo.61.1670602275617;
        Fri, 09 Dec 2022 08:11:15 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:15 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 02/12] Ext4Pkg: Move
 EXT4_NAME_MAX definition to Ext4Disk.h
Date: Fri,  9 Dec 2022 22:10:54 +0600
Message-Id: <20221209161104.70220-3-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602283;
 bh=JGREdXgOslX3gl1DvcomTsKe6egYj4YJLm0mp9F+iX4=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=kcA/nzUcqtHbOQYmE7HfkrJbXDgrm47IWN+7+kH0KLb1bEGwfAH+wA5LS/HYqUleuwb
 dpSRHO41ECNoYwy1eNN950hj/TLrCvwXBYiiQ8PMqQ1zVcCIoFudyp+5kRYkgce7nTPdE
 lx1N+WJoqMzfOVnGkNGn48zwItO2iu5oZ4o=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602285583100022
Content-Type: text/plain; charset="utf-8"

Constant EXT4_NAME_MAX is related to EXT4_DIR_ENTRY FS structure, so it
should be placed into Ext4Disk.h header

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h | 4 +++-
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h  | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h b/Features/Ext4Pkg/Ext4Dxe=
/Ext4Disk.h
index 4fd91a423324..1285644dcb25 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
@@ -397,12 +397,14 @@ typedef struct _Ext4Inode {
   UINT32       i_projid;

 } EXT4_INODE;

=20

+#define EXT4_NAME_MAX 255

+

 typedef struct {

   UINT32    inode;

   UINT16    rec_len;

   UINT8     name_len;

   UINT8     file_type;

-  CHAR8     name[255];

+  CHAR8     name[EXT4_NAME_MAX];

 } EXT4_DIR_ENTRY;

=20

 #define EXT4_MIN_DIR_ENTRY_LEN  8

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/=
Ext4Dxe.h
index adf3c13f6ea9..dde4f4cb0e06 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
@@ -32,7 +32,6 @@
 #include "Ext4Disk.h"

=20

 #define SYMLOOP_MAX    8

-#define EXT4_NAME_MAX  255

 //

 // We need to specify path length limit for security purposes, to prevent =
possible

 // overflows and dead-loop conditions. Originally this limit is absent in =
FS design,

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97192): https://edk2.groups.io/g/devel/message/97192
Mute This Topic: https://groups.io/mt/95563275/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97193+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97193+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602279; cv=none;
	d=zohomail.com; s=zohoarc;
	b=IWGBGLp9OFwU91PamTTTt6OuerwSGyqZ17UIHHRQk4wfwJawmmSkNESxBuuNpQ+iCkhSoZlzHSxGruZYk26EldSve0R/eaGMaNEW7scLYTpGZlL23xC64XbEOsXkY2+OHZ41JAc4lfRBB1s5BAFAzSy/pqUYFKCXSTbOPS3rGpU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602279;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=AzBP/fTIYwcY8nTZ7zD2+rDJLu7EOyAYzyNyY/hOjGY=;
	b=GYpZeqITvIr/MhGLRIUEuCf3ZTCK/cr+xx4zfg4Ui1rTbjlK4/SKiRK0M/RyWM5mN1GQ94jxC+dmIOnlRdZw5j61nYkyy6lg0LmMEEeQts/OIgFeAwWbTq4CmAoR+XRHKEduhmBmEVDJOOu2Q48JqJK7/paMBz49LBkM8aJZJYA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97193+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602279971478.7087420705517;
 Fri, 9 Dec 2022 08:11:19 -0800 (PST)
Return-Path: <bounce+27952+97193+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id UCSWYY1788612xpMPmoeaA12;
 Fri, 09 Dec 2022 08:11:19 -0800
X-Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com
 [209.85.167.44])
 by mx.groups.io with SMTP id smtpd.web10.5487.1670602278804047469
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:19 -0800
X-Received: by mail-lf1-f44.google.com with SMTP id 1so7767873lfz.4
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:18 -0800 (PST)
X-Gm-Message-State: bL8PBmWPr7rlYzhRIsLN7Ospx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf50QhJ15yxqslJHtbDfvvkpV8FHuC5Dbtz+oq0A96zUmZWc/Ji/1mCxSt5XJLdSvamIcYmNhQ==
X-Received: by 2002:a05:6512:3d8f:b0:4b5:8c94:dbd2 with SMTP id
 k15-20020a0565123d8f00b004b58c94dbd2mr4270479lfv.24.1670602277014;
        Fri, 09 Dec 2022 08:11:17 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:16 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 03/12] Ext4Pkg: Fix global
 buffer overflow in Ext4ReadDir
Date: Fri,  9 Dec 2022 22:10:55 +0600
Message-Id: <20221209161104.70220-4-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602279;
 bh=ada6lyuv6TFpNk07Y/O2lLd/tmO+5sJmEdcxM7Mnm5U=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=O+H219YeuVR7RsCUj7A3RLTNBx1380Zoz/tC6Mf6RjaA6o39JsNOsu8+kYhNlWibQdQ
 h2MUTSohTOPuMVH6ii3ixVX8pDBRVWTV4zJ+tBhT1L+TAOlzwBds0/nZE5lNGJcHW7EFq
 /gjWDGZBYL5xFNhjx78raFbz/K7Vy4pA6I4=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602281646100010
Content-Type: text/plain; charset="utf-8"

Directory entry structure can contain name_len bigger than size of "."
or "..", that's why CompareMem in such cases leads to global buffer
overflow. So there are two problems. The first is that statement doesn't
check cases when name_len !=3D 0 but > 2 and the second is that we passing
big Length to CompareMem routine.
The correct way here is to check that name_len <=3D 2 and check for
null-terminator presence

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Directory.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx=
e/Directory.c
index 8b8fce568e43..ffc0e8043076 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Directory.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c
@@ -491,11 +491,9 @@ Ext4ReadDir (
=20

     // Entry.name_len may be 0 if it's a nameless entry, like an unused en=
try

     // or a checksum at the end of the directory block.

-    // memcmp (and CompareMem) return 0 when the passed length is 0.

-

-    IsDotOrDotDot =3D Entry.name_len !=3D 0 &&

-                    (CompareMem (Entry.name, ".", Entry.name_len) =3D=3D 0=
 ||

-                     CompareMem (Entry.name, "..", Entry.name_len) =3D=3D =
0);

+    IsDotOrDotDot =3D Entry.name_len <=3D 2 &&

+                    ((Entry.name[0] =3D=3D '.') &&

+                     (Entry.name[1] =3D=3D '.' || Entry.name[1] =3D=3D '\0=
'));

=20

     // When inode =3D 0, it's unused.

     ShouldSkip =3D Entry.inode =3D=3D 0 || IsDotOrDotDot;

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97193): https://edk2.groups.io/g/devel/message/97193
Mute This Topic: https://groups.io/mt/95563277/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97195+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97195+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602281; cv=none;
	d=zohomail.com; s=zohoarc;
	b=C6VNfL+uPpTDymAtTxKoL9+mRIqF/FtYBZ5mIXv60/tyo1MbMvVI+K3OvPi809HdUy2li4GLEwq86sBfhIaTNUH/BTO7o5q1ZUXZBOiygZ6sQqSSX7aQiqk26oscghvUyWD7siAiuq5IrVMh9QVLhZMJszRfYRlx8r8jpmMnZcs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602281;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=533f+PTu+mNFdmaPBJvaL0tEK9JTa4d6o/nhadjPapQ=;
	b=BXj1n6c9lNHb2SwNV6Pzh2e6lHEax21RgCd6JwQnMEy0Dl91jUqVGqcxQE5+Uk7FnhvZsTGTrhZEks5jm/T26AuWADaHD5bsLXCZmZ3ht/KigcalkaM9C86NzkGM3ZPBoaWli5mtqVj0Q0AuvQjGDYD8LBdjArvzs0Cwb6Lp0d0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97195+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602281517707.2746134333182;
 Fri, 9 Dec 2022 08:11:21 -0800 (PST)
Return-Path: <bounce+27952+97195+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id ImjRYY1788612xmdy5rr7tmK;
 Fri, 09 Dec 2022 08:11:21 -0800
X-Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com
 [209.85.167.46])
 by mx.groups.io with SMTP id smtpd.web10.5488.1670602280157708131
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:20 -0800
X-Received: by mail-lf1-f46.google.com with SMTP id bp15so7723075lfb.13
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:19 -0800 (PST)
X-Gm-Message-State: mxUr38gDrSdcSVHrkXpjpEiYx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf7dSKHV5Pb8iOLtqUzEYwx1IWvNT14hUwPknnJfg7dPS7/qLD9GF/Wts3qLZoOCsf8GOgp4ow==
X-Received: by 2002:ac2:58c6:0:b0:4b5:6ae8:11e5 with SMTP id
 u6-20020ac258c6000000b004b56ae811e5mr1778275lfo.62.1670602278117;
        Fri, 09 Dec 2022 08:11:18 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.17
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:17 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 04/12] Ext4Pkg: Fix incorrect
 checksum metadata feature check
Date: Fri,  9 Dec 2022 22:10:56 +0600
Message-Id: <20221209161104.70220-5-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602281;
 bh=sxGZBQg78vnqXvrWmYG9TL4cynq8hqW5PzkYpGO+uVc=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=Ygt6wDjsmTb0ltsQA9+9YPi2BO/IXRtweU5VYpSX1uwfaTjR0YC1sYBqlyuipdm8JuJ
 qa22KtZs4nKsVghrl/SgSWmo9J9Y9uZN2gx5/w3R3fTRI4AFMs52NqJgDdF9cqUDKZpvG
 zl7hbA0wepEQZuz2FJUBedqmFB9A7hWv83s=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602283530100017
Content-Type: text/plain; charset="utf-8"

Missing comparison !=3D 0 leads to broken logic condition. Also replaced
CSUM_SEED feature_incompat check with predefined macro EXT4_HAS_INCOMPAT

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Superblock.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4D=
xe/Superblock.c
index edee051c41e8..4c662bd1784f 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
@@ -220,13 +220,11 @@ Ext4OpenSuperblock (
   }

=20

   // At the time of writing, it's the only supported checksum.

-  if (Partition->FeaturesCompat & EXT4_FEATURE_RO_COMPAT_METADATA_CSUM &&

-      (Sb->s_checksum_type !=3D EXT4_CHECKSUM_CRC32C))

-  {

+  if (EXT4_HAS_METADATA_CSUM (Partition) && (Sb->s_checksum_type !=3D EXT4=
_CHECKSUM_CRC32C)) {

     return EFI_UNSUPPORTED;

   }

=20

-  if ((Partition->FeaturesIncompat & EXT4_FEATURE_INCOMPAT_CSUM_SEED) !=3D=
 0) {

+  if (EXT4_HAS_INCOMPAT (Partition, EXT4_FEATURE_INCOMPAT_CSUM_SEED)) {

     Partition->InitialSeed =3D Sb->s_checksum_seed;

   } else {

     Partition->InitialSeed =3D Ext4CalculateChecksum (Partition, Sb->s_uui=
d, 16, ~0U);

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97195): https://edk2.groups.io/g/devel/message/97195
Mute This Topic: https://groups.io/mt/95563279/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97194+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97194+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602281; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ln4LBhO61KXVuhDaOYrSKbOn6E7dGkjhVELrm5RRQUgDKrHV/E9XTNw6iG8eSrTc1Jxf3f2P2qkT8+mMFLaZtgMDY24PQsvp8QMEcL5hnYtRTe5BpBppxI8EZn03f25LMbGYttZSx5Gw4kOz/IsSTvZivTIqnCSbUE2/XqU/rrw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602281;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=Xtc7bZCz9POC622AiIOlpl2wwXiPC+cI1i4LH/i50Jo=;
	b=Cgdcqd4TMc8LbADSvABJqJ7ALN0hHccocdXm1ogEfRRzn0om71eCCiwNblYpKYDs6ZtGx9NhcR4MRoYh8bmx+aWRGq7mKN00rIfevOdyLJOsaibsrZS9EEJmGBPl9KZUSmBrPAEYU3qvtEKTpRcKK1bFkyPuEsZIfopP9zlp6jE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97194+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602281152426.5065751537701;
 Fri, 9 Dec 2022 08:11:21 -0800 (PST)
Return-Path: <bounce+27952+97194+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id Tz42YY1788612x7wIdyPqbAu;
 Fri, 09 Dec 2022 08:11:20 -0800
X-Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com
 [209.85.167.48])
 by mx.groups.io with SMTP id smtpd.web11.5561.1670602277630375568
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:20 -0800
X-Received: by mail-lf1-f48.google.com with SMTP id y25so7747341lfa.9
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:19 -0800 (PST)
X-Gm-Message-State: WPeG9jJiuTsGqsQzzntj0Jj7x1787277AA=
X-Google-Smtp-Source: 
 AA0mqf5+LQllDE0izuhlFXkJM6jtW/CG3G3d1WYwuLRE/N7mln2+J83m2RPg4Z9dzDP1HKqwEtfRmw==
X-Received: by 2002:a05:6512:4024:b0:4b5:2aea:8f5e with SMTP id
 br36-20020a056512402400b004b52aea8f5emr2121012lfb.16.1670602279293;
        Fri, 09 Dec 2022 08:11:19 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.18
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:18 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 05/12] Ext4Pkg: Fix division
 by zero by adding check for s_inodes_per_group
Date: Fri,  9 Dec 2022 22:10:57 +0600
Message-Id: <20221209161104.70220-6-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602280;
 bh=7FBtjcHB96u26S238KLoDdtZiwGQOSm9BXqMjASAs1Q=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=Ui3t7ZXf2W3+hbMyXxP2gXTzy10ZIKPFLNSlBO+83glxD41vYu9oFPPTWNbokcljp2m
 OnkpqQbCeUEGeXSfC6PcOxLpJ58yJ0S0pFYNNY/1YqFevGqeLzhSp63496KOmGGNiTrt+
 pqXdx9cm/weked6vpeogYMVbNOtqYoBRSCo=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602281661100012
Content-Type: text/plain; charset="utf-8"

Superblock s_inodes_per_group field can't be zero, it leads to division
by zero in BlockGroup routine Ext4ReadInode

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Superblock.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4D=
xe/Superblock.c
index 4c662bd1784f..adaf475ea54d 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
@@ -243,6 +243,11 @@ Ext4OpenSuperblock (
=20

   DEBUG ((DEBUG_FS, "Read only =3D %u\n", Partition->ReadOnly));

=20

+  if (Sb->s_inodes_per_group =3D=3D 0) {

+    DEBUG ((DEBUG_ERROR, "[ext4] Inodes per group can not be zero\n"));

+    return EFI_VOLUME_CORRUPTED;

+  }

+

   Partition->BlockSize =3D (UINT32)LShiftU64 (1024, Sb->s_log_block_size);

=20

   // The size of a block group can also be calculated as 8 * Partition->Bl=
ockSize

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97194): https://edk2.groups.io/g/devel/message/97194
Mute This Topic: https://groups.io/mt/95563278/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97196+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97196+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602289; cv=none;
	d=zohomail.com; s=zohoarc;
	b=YSI4wbh/C4VlgMWnQjOwaK4UTEFvTJpuCiWPNdBF1kvcRAaZFl1tUmG8TzN3PH6FUDpz77E+73XtqrbKNCny7J/0/iJkT1tzfrBBcOVFxKIpwmdXJuZB3NLFPl2bE8k+kUDxmAoQ4TVi+u80fYdDSjxJYwgW8jnopG3WVlxT5Uw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602289;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=Opqea8RfR9NVjgnjoL41U4w0S8fYWMg5sCgtz/2skSY=;
	b=ISFUasmEN8cMobOLY0drtSpolEWnNlajVtKaXWSp3+hlKYulIRwRVMsGPdqSrfRjaMgozHji9KCbU+d8obqnnrARKoagE5oJPhgdcvOTATly5NEm8KxwDTfbk6kJitHRZyxomcsj4s/LpjPeMAItld1bbs60/jOS3LH4rGl5+ak=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97196+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602289295549.7584915682398;
 Fri, 9 Dec 2022 08:11:29 -0800 (PST)
Return-Path: <bounce+27952+97196+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id KUfZYY1788612x1LV6zQlEMq;
 Fri, 09 Dec 2022 08:11:29 -0800
X-Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com
 [209.85.167.54])
 by mx.groups.io with SMTP id smtpd.web10.5489.1670602282281433718
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:22 -0800
X-Received: by mail-lf1-f54.google.com with SMTP id b13so7776569lfo.3
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:22 -0800 (PST)
X-Gm-Message-State: pXy1yIZZCZTr71HwGhnIpnExx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4xalmRQxxLe63QFxVokKz18o3D0b3Wa80ttAxs/QjJWf/Y+ulvsuTOvgufHU+B7LXO+cQIUQ==
X-Received: by 2002:a19:7b03:0:b0:4a4:68b8:f4d0 with SMTP id
 w3-20020a197b03000000b004a468b8f4d0mr2007656lfc.22.1670602280449;
        Fri, 09 Dec 2022 08:11:20 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.19
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:20 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 06/12] Ext4Pkg: Add comparison
 between Position and FileSize in Ext4SetPosition
Date: Fri,  9 Dec 2022 22:10:58 +0600
Message-Id: <20221209161104.70220-7-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602289;
 bh=yTpQgSmtdzUcKSobCDHBDn2TQo2xKK6qzjkP0uPw9Pk=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=KNtNFhXgw54u30hjDqjhvjvOqpI+qlGpbVAGZ1tNAOHsl5tKJrhx9zlsxL+HXmJE9gR
 lcvo9Ew3rgpdePXBu9BkrJrREeuAMb0fcYzdvxBF3yvcHcbP8C/FxUJLsLJOykNpa7vg4
 +nKjkJZfcZdVE0n4ESUsGrvIajL+9kWoQVU=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602289701100016
Content-Type: text/plain; charset="utf-8"

Missing such comparison leads to infinite loop states, for example code
which trying to read entire file can easily get out of bound of
file size by passing position value which exceeds file size without this
check. So we need to add there missing comparison between the desired
position to be set and file size

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h | 19 +++++++++---------
 Features/Ext4Pkg/Ext4Dxe/File.c    | 21 +++++++++++++-------
 2 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/=
Ext4Dxe.h
index dde4f4cb0e06..1dcb644e3b35 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
@@ -31,7 +31,7 @@
=20

 #include "Ext4Disk.h"

=20

-#define SYMLOOP_MAX    8

+#define SYMLOOP_MAX  8

 //

 // We need to specify path length limit for security purposes, to prevent =
possible

 // overflows and dead-loop conditions. Originally this limit is absent in =
FS design,

@@ -715,16 +715,15 @@ Ext4GetPosition (
 /**

   Sets a file's current position.

=20

-  @param[in]  This            A pointer to the EFI_FILE_PROTOCOL instance =
that

-is the file handle to set the requested position on.

-  @param[in] Position        The byte position from the start of the file =
to

-set.

+  @param[in]  This            A pointer to the EFI_FILE_PROTOCOL instance =
that is the

+                              file handle to set the requested position on.

+  @param[in]  Position        The byte position from the start of the file=
 to set.

=20

-  @retval EFI_SUCCESS      The position was set.

-  @retval EFI_UNSUPPORTED  The seek request for nonzero is not valid on op=
en

-                           directories.

-  @retval EFI_DEVICE_ERROR An attempt was made to set the position of a de=
leted

-file.

+  @retval EFI_SUCCESS            The position was set.

+  @retval EFI_INVALID_PARAMETER  The seek request for non-zero position is=
 not valid on open

+                                 directories.

+  @retval EFI_UNSUPPORTED        The seek request for position is exceeds =
FileSize.

+  @retval EFI_DEVICE_ERROR       An attempt was made to set the position o=
f a deleted file.

=20

 **/

 EFI_STATUS

diff --git a/Features/Ext4Pkg/Ext4Dxe/File.c b/Features/Ext4Pkg/Ext4Dxe/Fil=
e.c
index 04198a53bfc0..b4ed78847258 100644
--- a/Features/Ext4Pkg/Ext4Dxe/File.c
+++ b/Features/Ext4Pkg/Ext4Dxe/File.c
@@ -587,12 +587,13 @@ Ext4GetPosition (
=20

   @param[in]  This            A pointer to the EFI_FILE_PROTOCOL instance =
that is the

                               file handle to set the requested position on.

-  @param[in] Position        The byte position from the start of the file =
to set.

+  @param[in]  Position        The byte position from the start of the file=
 to set.

=20

-  @retval EFI_SUCCESS      The position was set.

-  @retval EFI_UNSUPPORTED  The seek request for nonzero is not valid on op=
en

-                           directories.

-  @retval EFI_DEVICE_ERROR An attempt was made to set the position of a de=
leted file.

+  @retval EFI_SUCCESS            The position was set.

+  @retval EFI_INVALID_PARAMETER  The seek request for non-zero position is=
 not valid on open

+                                 directories.

+  @retval EFI_UNSUPPORTED        The seek request for position is exceeds =
FileSize.

+  @retval EFI_DEVICE_ERROR       An attempt was made to set the position o=
f a deleted file.

=20

 **/

 EFI_STATUS

@@ -603,17 +604,23 @@ Ext4SetPosition (
   )

 {

   EXT4_FILE  *File;

+  UINT64     FileSize;

=20

   File =3D EXT4_FILE_FROM_THIS (This);

=20

   // Only seeks to 0 (so it resets the ReadDir operation) are allowed

   if (Ext4FileIsDir (File) && (Position !=3D 0)) {

-    return EFI_UNSUPPORTED;

+    return EFI_INVALID_PARAMETER;

   }

=20

+  FileSize =3D EXT4_INODE_SIZE (File->Inode);

+

   // -1 (0xffffff.......) seeks to the end of the file

   if (Position =3D=3D (UINT64)-1) {

-    Position =3D EXT4_INODE_SIZE (File->Inode);

+    Position =3D FileSize;

+  } else if (Position > FileSize) {

+    DEBUG ((DEBUG_FS, "[ext4] Ext4SetPosition Cannot seek to #%Lx of %Lx\n=
", Position, FileSize));

+    return EFI_UNSUPPORTED;

   }

=20

   File->Position =3D Position;

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97196): https://edk2.groups.io/g/devel/message/97196
Mute This Topic: https://groups.io/mt/95563280/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97197+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97197+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602289; cv=none;
	d=zohomail.com; s=zohoarc;
	b=MXmxyesL7Q8jeHq2Fyps9AfoRmCU/uKwwQ/yYOPJP9gAD0cpLmWksHjGqbP48uUSh9vx2UGCbkyrHdfGHHg16cUW8iXx3uS/ltcLSG0i7VnrZ26w0rLSRem7eDas26fbrKDB9a9WnFRsbnZx1HioHNvmiWh05N5QPOUeLt3hTjE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602289;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=jNnbHMsweart9Ag0QiPTRg9tq8ZpFNMhDKQ7P8AI5IA=;
	b=V8FzYA7G4ciZ/VDf5+NKobi6nn49DjXMAII0/RxRAEvJXP21ZylxOdC6q/SHwv3AfA4IkG6Zv+SgT1RnSSGKESC2+pAA0wSPtR+su7cwTiBmRwJ/DD+R9DTskK4k4GGkmWX3laOJwxXWtdTket/JT1T/lKWMIuj/0M3ZxBpVMME=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97197+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602289814311.5345712013534;
 Fri, 9 Dec 2022 08:11:29 -0800 (PST)
Return-Path: <bounce+27952+97197+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id ageSYY1788612xqgYuRESHfX;
 Fri, 09 Dec 2022 08:11:29 -0800
X-Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com
 [209.85.167.49])
 by mx.groups.io with SMTP id smtpd.web11.5564.1670602283583145376
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:23 -0800
X-Received: by mail-lf1-f49.google.com with SMTP id p36so7734603lfa.12
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:23 -0800 (PST)
X-Gm-Message-State: RuED4BjrAV5jDffxvnwgFYiRx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf6srGq7SIHHTAWSsg+9cU7/DC+mBvpVHMA+PO8oWpkjqxf6W4HktIhq4uqVW1+V6A4UfN6m7A==
X-Received: by 2002:a05:6512:15a6:b0:4b4:b5bf:3ce6 with SMTP id
 bp38-20020a05651215a600b004b4b5bf3ce6mr3734933lfb.38.1670602281553;
        Fri, 09 Dec 2022 08:11:21 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.20
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:21 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 07/12] Ext4Pkg: Add inode
 number validity check
Date: Fri,  9 Dec 2022 22:10:59 +0600
Message-Id: <20221209161104.70220-8-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602289;
 bh=GOK0qjKfhGqNIm9Qs8GsiLXEoYkMQY3xXQW+qTERwiU=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=QGjwZcoYayXs4V7cu9U32/yl+csAJMHbw1l3IQNwPg39H3xlhvontw+WFBpWT2kkonz
 QfLZKllD3TdepC2QHziBnsjrb/md9WaktWIVIDQ0EbOSdmnqfT3HpcQs1aRISANT2jhqW
 uIXn2t52h53FjNH5SZtDbPpREnM6drBHe4g=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602291726100022
Content-Type: text/plain; charset="utf-8"

We need to validate inode number to prevent possible null-pointer
dereference of directory parent in Ext4OpenDirent. Also checks that
inode number valid across opened partition before we read it in
Ext4ReadInode.

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h   | 15 +++++++++---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 25 ++++++++++++++++++++
 Features/Ext4Pkg/Ext4Dxe/BlockGroup.c |  5 ++++
 Features/Ext4Pkg/Ext4Dxe/Directory.c  | 10 ++++++++
 4 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h b/Features/Ext4Pkg/Ext4Dxe=
/Ext4Disk.h
index 1285644dcb25..6b56ce6813fc 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
@@ -397,7 +397,7 @@ typedef struct _Ext4Inode {
   UINT32       i_projid;

 } EXT4_INODE;

=20

-#define EXT4_NAME_MAX 255

+#define EXT4_NAME_MAX  255

=20

 typedef struct {

   UINT32    inode;

@@ -469,8 +469,17 @@ typedef UINT64  EXT4_BLOCK_NR;
 typedef UINT32  EXT2_BLOCK_NR;

 typedef UINT32  EXT4_INO_NR;

=20

-// 2 is always the root inode number in ext4

-#define EXT4_ROOT_INODE_NR  2

+/* Special inode numbers */

+#define EXT4_ROOT_INODE_NR         2

+#define EXT4_USR_QUOTA_INODE_NR    3

+#define EXT4_GRP_QUOTA_INODE_NR    4

+#define EXT4_BOOT_LOADER_INODE_NR  5

+#define EXT4_UNDEL_DIR_INODE_NR    6

+#define EXT4_RESIZE_INODE_NR       7

+#define EXT4_JOURNAL_INODE_NR      8

+

+/* First non-reserved inode for old ext4 filesystems */

+#define EXT4_GOOD_OLD_FIRST_INODE_NR  11

=20

 #define EXT4_BLOCK_FILE_HOLE  0

=20

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/=
Ext4Dxe.h
index 1dcb644e3b35..d135892633af 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
@@ -287,6 +287,31 @@ Ext4GetBlockGroupDesc (
   IN UINT32          BlockGroup

   );

=20

+/**

+   Retrieves the first usable non-reserved inode number from the superblock

+   of the opened partition.

+

+   @param[in]  Partition      Pointer to the opened ext4 partition.

+

+   @return The first usable inode number (non-reserved).

+**/

+#define EXT4_FIRST_INODE_NR(Partition)                                    =
     \

+  ((Partition->SuperBlock.s_rev_level =3D=3D EXT4_GOOD_OLD_REV) ?         =
         \

+         EXT4_GOOD_OLD_FIRST_INODE_NR :                                   =
     \

+         Partition->SuperBlock.s_first_ino)

+

+/**

+   Checks inode number validity across superblock of the opened partition.

+

+   @param[in]  Partition      Pointer to the opened ext4 partition.

+

+   @return TRUE if inode number is valid.

+**/

+#define EXT4_IS_VALID_INODE_NR(Partition, InodeNum)                       =
     \

+  (InodeNum =3D=3D EXT4_ROOT_INODE_NR ||                                  =
         \

+        (InodeNum >=3D EXT4_FIRST_INODE_NR(Partition) &&                  =
       \

+         InodeNum <=3D Partition->SuperBlock.s_inodes_count))

+

 /**

    Reads an inode from disk.

=20

diff --git a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c b/Features/Ext4Pkg/Ext4D=
xe/BlockGroup.c
index cba96cd95afc..f34cdc5dbad7 100644
--- a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
+++ b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
@@ -50,6 +50,11 @@ Ext4ReadInode (
   EXT4_BLOCK_NR          InodeTableStart;

   EFI_STATUS             Status;

=20

+  if (!EXT4_IS_VALID_INODE_NR (Partition, InodeNum)) {

+    DEBUG ((DEBUG_ERROR, "[ext4] Error reading inode: inode number %lu isn=
't valid\n", InodeNum));

+    return EFI_VOLUME_CORRUPTED;

+  }

+

   BlockGroupNumber =3D (UINT32)DivU64x64Remainder (

                                InodeNum - 1,

                                Partition->SuperBlock.s_inodes_per_group,

diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx=
e/Directory.c
index ffc0e8043076..ff476c8641e8 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Directory.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c
@@ -163,6 +163,10 @@ Ext4RetrieveDirent (
       if (Entry->inode =3D=3D 0) {

         BlockOffset +=3D Entry->rec_len;

         continue;

+      } else if (!EXT4_IS_VALID_INODE_NR (Partition, Entry->inode)) {

+        DEBUG ((DEBUG_ERROR, "[ext4] Ext4RetrieveDirent directory entry in=
ode number %u isn't valid\n", Entry->inode));

+        Status =3D EFI_VOLUME_CORRUPTED;

+        goto Out;

       }

=20

       Status =3D Ext4GetUcs2DirentName (Entry, DirentUcs2Name);

@@ -498,6 +502,12 @@ Ext4ReadDir (
     // When inode =3D 0, it's unused.

     ShouldSkip =3D Entry.inode =3D=3D 0 || IsDotOrDotDot;

=20

+    if ((Entry.inode !=3D 0) && !EXT4_IS_VALID_INODE_NR (Partition, Entry.=
inode)) {

+      DEBUG ((DEBUG_ERROR, "[ext4] Ext4ReadDir directory entry inode numbe=
r %u isn't valid\n", Entry.inode));

+      Status =3D EFI_VOLUME_CORRUPTED;

+      goto Out;

+    }

+

     if (ShouldSkip) {

       Offset +=3D Entry.rec_len;

       continue;

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97197): https://edk2.groups.io/g/devel/message/97197
Mute This Topic: https://groups.io/mt/95563281/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97199+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97199+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602286; cv=none;
	d=zohomail.com; s=zohoarc;
	b=YbTbflKZVWlOS1qiEEqeLKO7cGExpnIBp0FAIAor1AN8wmDoFPGB0lejwvKBHKzU2UxlTzoYR5p+/ku4r/DpmichuGye5LqIvL6FXqhV1ewI5helx1YlrjpXvtcY68tIMXr0S/51STCBUeDI3qwOqOL+n6Kkb0RFOd298gL+6Es=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602286;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=vCGuZlYf01wtcwOaXXt/rAfhm3FACG8xdl4BAdKnkMw=;
	b=YLYLaHUc4yK0Abn4l+MXdTqG9EqJDoHU/HLz5v1GXWQLWnOLTca8dMVKBHdZrjTs6NMVRdAMErdZ8A0usiItaZp9hs9UXkvm2IRqz2PF+Vxey76jltwWrn9OzXwqleP3FHrsoBf7zta06q7Nu8klJUc5RCnFNmjCaZ9mvcy5Rnc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97199+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602286140483.18751029995803;
 Fri, 9 Dec 2022 08:11:26 -0800 (PST)
Return-Path: <bounce+27952+97199+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id P0m3YY1788612xOLenU2iBHE;
 Fri, 09 Dec 2022 08:11:25 -0800
X-Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com
 [209.85.167.43])
 by mx.groups.io with SMTP id smtpd.web10.5491.1670602284692974264
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:25 -0800
X-Received: by mail-lf1-f43.google.com with SMTP id d6so7742979lfs.10
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:24 -0800 (PST)
X-Gm-Message-State: bK308VFwfzTblfuzsKAk3e37x1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4js2NK6wqVXaq8OBEk8XxOQ516DsblrX6oaXz6snkQZp9xWAvJltQq5RbCsIMM1BE3rmtYEA==
X-Received: by 2002:ac2:4c98:0:b0:4b5:688e:ee10 with SMTP id
 d24-20020ac24c98000000b004b5688eee10mr1637863lfl.16.1670602282709;
        Fri, 09 Dec 2022 08:11:22 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.21
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:22 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 08/12] Ext4Pkg: Fix shift out
 of bounds in Ext4OpenSuperblock
Date: Fri,  9 Dec 2022 22:11:00 +0600
Message-Id: <20221209161104.70220-9-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602285;
 bh=64aRIS2GUdr6PInQgM9tDMmnwZqT+lHByjz3IR0zEiM=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=YU4skihzI2m+4syYegJTG1jpmZeuGvc9qLASJKe9z2LQSE7d1mGsugziV4CsTJhpU5w
 ezsWF/7X6RW3LPTnWNQHmf9n5ULOG5GxDo5uvYr/9zzner/5TpR69DOmw6xme+Cass0Do
 l2VZkx+nfNrR7ygDALyUd2AtpK+Dzk1pgPM=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602287696100003
Content-Type: text/plain; charset="utf-8"

Missing check for wrong s_log_block_size exponent leads to shift out of
bounds. Limit block size to 2 MiB

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 14 ++++++++++++++
 Features/Ext4Pkg/Ext4Dxe/Superblock.c |  5 +++++
 2 files changed, 19 insertions(+)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/=
Ext4Dxe.h
index d135892633af..0600a75d6750 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
@@ -40,6 +40,20 @@
 #define EXT4_EFI_PATH_MAX    4096

 #define EXT4_DRIVER_VERSION  0x0000

=20

+//

+// The EXT4 Specification doesn't strictly limit block size and this value=
 could be up to 2^31,

+// but in practice it is limited by PAGE_SIZE due to performance significa=
nt impact.

+// Many EXT4 implementations have size of block limited to PAGE_SIZE. In m=
any cases it's limited

+// to 4096, which is a commonly supported page size on most MMU-capable ha=
rdware, and up to 65536.

+// So, to take a balance between compatibility and security measures, it i=
s decided to use the

+// value of 2MiB as the limit, which is equal to page size on new hardware.

+// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called =
BIGALLOC, which changes

+// EXT4 to use clustered allocation, so that each bit in the ext4 block al=
location bitmap addresses

+// a power of two number of blocks. So it would be wiser to implement and =
use this feature

+// if there is such a need instead of big block size.

+//

+#define EXT4_LOG_BLOCK_SIZE_MAX  11

+

 /**

    Opens an ext4 partition and installs the Simple File System protocol.

=20

diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4D=
xe/Superblock.c
index adaf475ea54d..ffe66a8bb847 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
@@ -248,6 +248,11 @@ Ext4OpenSuperblock (
     return EFI_VOLUME_CORRUPTED;

   }

=20

+  if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) {

+    DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too bi=
g\n", Sb->s_log_block_size));

+    return EFI_UNSUPPORTED;

+  }

+

   Partition->BlockSize =3D (UINT32)LShiftU64 (1024, Sb->s_log_block_size);

=20

   // The size of a block group can also be calculated as 8 * Partition->Bl=
ockSize

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97199): https://edk2.groups.io/g/devel/message/97199
Mute This Topic: https://groups.io/mt/95563283/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97198+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97198+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602285; cv=none;
	d=zohomail.com; s=zohoarc;
	b=CvhIFJs2nEka/riKDw5vbwx5nW3xjNis1LJ180eVhu+neNat3URfP/OLQzDwJ0htfGq/XtgLQCbiYGbSpNELMpwA4IO2Wv75UfDwr0NkI9ZtlJvs/0Er2YqQNlTh5kj51iE64cy/rMkSOI4UpifrkEQx1uLHtQBJuiReJbW6Spw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602285;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=b1LLZFcFAiO1ZWbtLKYCakEWbV7kvBm5v1lRhPr/nxk=;
	b=jAXERYKJp9BIl5+zswWvp30kt7b3tcgMgcJ8KYj150cV1XfJIwkxW4eaTHdvljn5MGhpOC0NYedewMPYag+Y+AZ1465zDcNB6WTZ+XbXZQoB4T0Wp0Bid4qsRRJoOZApIkhwTmADDsSnqJTHgAV/SNAPEMUHEai1m5OWQUmyi1o=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97198+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602285782221.49990728334217;
 Fri, 9 Dec 2022 08:11:25 -0800 (PST)
Return-Path: <bounce+27952+97198+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 9fQDYY1788612xapVXxBqKmY;
 Fri, 09 Dec 2022 08:11:25 -0800
X-Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com
 [209.85.167.53])
 by mx.groups.io with SMTP id smtpd.web11.5559.1670602275517869580
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:24 -0800
X-Received: by mail-lf1-f53.google.com with SMTP id c1so7767917lfi.7
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:24 -0800 (PST)
X-Gm-Message-State: okSn9XgJyO7wSND1RMQjKYZRx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4PO9SpDXaWiqH0WXX8NV42dtnWvSlFvAbbqeMgh7z1Fo/tgTwo1SA6k/s25UUrwxmgjgON3w==
X-Received: by 2002:a05:6512:74f:b0:4b5:aa59:28 with SMTP id
 c15-20020a056512074f00b004b5aa590028mr1347496lfs.38.1670602283792;
        Fri, 09 Dec 2022 08:11:23 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.22
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:23 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 09/12] Ext4Pkg: Correct
 integer overflow check on multiplication in DiskUtil
Date: Fri,  9 Dec 2022 22:11:01 +0600
Message-Id: <20221209161104.70220-10-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602285;
 bh=8w6362H+260NedCTTZFy8c1tEKF9wCXGIfGZplI0org=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=AWerZ3JGcziw5TTtH1zd18qGlVfupr/ZcoQG7+5OdIh2hyqtTybxXoGwp138yU7UuL+
 b9m+hmzUXRyGzfOb3Ap9u4ZdB1EzQU9BA3AYBaifWWvv7f2axwe3Ks+O3sSf0+e8e3thT
 Go+KcoOefnlnvi777g3EtPpp4bBjHRPHR+I=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602287716100006
Content-Type: text/plain; charset="utf-8"

Multiplication overflow could result into small numbers, so we need also
check it

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Pkg.dsc        | 2 +-
 Features/Ext4Pkg/Ext4Dxe/DiskUtil.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Pkg.dsc b/Features/Ext4Pkg/Ext4Pkg.dsc
index 59bc327ebf6e..621c63eaf92d 100644
--- a/Features/Ext4Pkg/Ext4Pkg.dsc
+++ b/Features/Ext4Pkg/Ext4Pkg.dsc
@@ -46,7 +46,7 @@
   DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf

   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib=
/BaseOrderedCollectionRedBlackTreeLib.inf

   BaseUcs2Utf8Lib|RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.inf

- =20

+

   #

   # Required for stack protector support

   #

diff --git a/Features/Ext4Pkg/Ext4Dxe/DiskUtil.c b/Features/Ext4Pkg/Ext4Dxe=
/DiskUtil.c
index 32da35f7d9f5..c4af956da926 100644
--- a/Features/Ext4Pkg/Ext4Dxe/DiskUtil.c
+++ b/Features/Ext4Pkg/Ext4Dxe/DiskUtil.c
@@ -60,11 +60,11 @@ Ext4ReadBlocks (
   // Check for overflow on the block -> byte conversions.

   // Partition->BlockSize is never 0, so we don't need to check for that.

=20

-  if (Offset > DivU64x32 ((UINT64)-1, Partition->BlockSize)) {

+  if ((NumberBlocks !=3D 0) && (DivU64x64Remainder (Offset, BlockNumber, N=
ULL) !=3D Partition->BlockSize)) {

     return EFI_INVALID_PARAMETER;

   }

=20

-  if (Length > (UINTN)-1/Partition->BlockSize) {

+  if ((NumberBlocks !=3D 0) && (Length / NumberBlocks !=3D Partition->Bloc=
kSize)) {

     return EFI_INVALID_PARAMETER;

   }

=20

@@ -94,12 +94,12 @@ Ext4AllocAndReadBlocks (
=20

   Length =3D NumberBlocks * Partition->BlockSize;

=20

-  if (Length > (UINTN)-1/Partition->BlockSize) {

+  // Check for integer overflow

+  if ((NumberBlocks !=3D 0) && (Length / NumberBlocks !=3D Partition->Bloc=
kSize)) {

     return NULL;

   }

=20

   Buf =3D AllocatePool (Length);

-

   if (Buf =3D=3D NULL) {

     return NULL;

   }

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97198): https://edk2.groups.io/g/devel/message/97198
Mute This Topic: https://groups.io/mt/95563282/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97200+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97200+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602286; cv=none;
	d=zohomail.com; s=zohoarc;
	b=enIxzPIZu6MmsOaWy6vKOEGoACOeBxJ6TNz5WF0suIYKRCTeDnfXo68pMlccuAIq03d0cHkH3YRElXqmxLE6EZ9K92uNzuK/1jEsqCG3lA9VXsGVfBAM6ZXWvfGUzYsjqDIQAtg+JpOV2UhlYYDT/f5PEJJ1mxAXFUJjg6bGwv0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602286;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=f4M3QxFbahvniCl6s23VgcvSA1u3fZAe8C7P85YhvZQ=;
	b=n+qZXuz2aIY6Awzg8dJb7qt/W1MtTvOH567NZh/7d8OSGERsThE/coicIhYl/5GQbz4jhFgAnqTESF0Mj1XQV/xs+f2Y2nLZEANZKYL/kyqGOb/MAUT5pqpjS7kYWR1Wx5K5bi9azN07Vo8jMKPf/89ecFYIDqG2n2Vt/BVH/jM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97200+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602286944716.876399651387;
 Fri, 9 Dec 2022 08:11:26 -0800 (PST)
Return-Path: <bounce+27952+97200+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id DO1AYY1788612xZIMiAACXj1;
 Fri, 09 Dec 2022 08:11:26 -0800
X-Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com
 [209.85.167.44])
 by mx.groups.io with SMTP id smtpd.web10.5487.1670602278804047469
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:26 -0800
X-Received: by mail-lf1-f44.google.com with SMTP id 1so7768466lfz.4
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:25 -0800 (PST)
X-Gm-Message-State: o2IrCNdzvavSp1dkAwfv3SR0x1787277AA=
X-Google-Smtp-Source: 
 AA0mqf7wBdxNtfi1BxAC4zUL6URrJr1FqCXPh4ucnCr+zrdbWoluoZs9BjbDPLGSRbDOH1YbFhWUog==
X-Received: by 2002:ac2:43d8:0:b0:4ab:7f8d:472 with SMTP id
 u24-20020ac243d8000000b004ab7f8d0472mr1547267lfl.65.1670602284986;
        Fri, 09 Dec 2022 08:11:24 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.23
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:24 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 10/12] Ext4Pkg: Check that
 source file is directory in Ext4OpenInternal
Date: Fri,  9 Dec 2022 22:11:02 +0600
Message-Id: <20221209161104.70220-11-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602286;
 bh=0EW1Nb1Zhc2LXlfpoKR2/psZk3eRspUi1pwj7vtZ0uI=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=QAx5O68MafnIiWfUd9cFOZLYx7DopjKb2dV/enV+e5tTi+R1NDPXJ62W/AwtnzIuhuw
 MELPcotegxBciukgphBVJaj3xiwODyA/GrWPrOc0xxK/ez2RpLgecTf2SyXBlwSMgvpdC
 vIEFq6wVsdPyQpFPczXqxbW9tAysNfZS+R0=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602287705100004
Content-Type: text/plain; charset="utf-8"

This check already present in the while loop below, but absent for cases
when input file is nameless, so to handle assertion in Ext4ReadFile we
need to add it at the top of function

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/File.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/File.c b/Features/Ext4Pkg/Ext4Dxe/Fil=
e.c
index b4ed78847258..2d76e1818021 100644
--- a/Features/Ext4Pkg/Ext4Dxe/File.c
+++ b/Features/Ext4Pkg/Ext4Dxe/File.c
@@ -207,6 +207,11 @@ Ext4OpenInternal (
   Level     =3D 0;

=20

   DEBUG ((DEBUG_FS, "[ext4] Ext4OpenInternal %s\n", FileName));

+

+  if (!Ext4FileIsDir (Current)) {

+    return EFI_INVALID_PARAMETER;

+  }

+

   // If the path starts with a backslash, we treat the root directory as t=
he base directory

   if (FileName[0] =3D=3D L'\\') {

     FileName++;

@@ -219,6 +224,10 @@ Ext4OpenInternal (
       return EFI_ACCESS_DENIED;

     }

=20

+    if (!Ext4FileIsDir (Current)) {

+      return EFI_INVALID_PARAMETER;

+    }

+

     // Discard leading path separators

     while (FileName[0] =3D=3D L'\\') {

       FileName++;

@@ -242,10 +251,6 @@ Ext4OpenInternal (
=20

     DEBUG ((DEBUG_FS, "[ext4] Opening %s\n", PathSegment));

=20

-    if (!Ext4FileIsDir (Current)) {

-      return EFI_INVALID_PARAMETER;

-    }

-

     if (!Ext4IsLastPathSegment (FileName)) {

       if (!Ext4DirCanLookup (Current)) {

         return EFI_ACCESS_DENIED;

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97200): https://edk2.groups.io/g/devel/message/97200
Mute This Topic: https://groups.io/mt/95563284/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97201+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97201+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602288; cv=none;
	d=zohomail.com; s=zohoarc;
	b=dlCwd18uCK+V4AWiN+izSyMEExVh4KQbg/6IL0FHbi04TzKycui7TthMh+yoWP2ZHV1HP2VgyfNmbWzz2eoo28EipsAwgFkzThyxUeiPFK6yYoZCes+6IHzo1BGBZls/Vlz/DSObECV9/yIxM1IiKQPTHoKFdcHn6QsD8hxM050=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602288;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=euE5PWNIabhlsPAg5CJK1sKD6qBzPPvYj9frmmvfOeE=;
	b=XNUmVYUj8+un0+9srjWkQuVlX3VkECR1Z8nYTq/rGKZX0V7e4dUmYQauJsYi6Z7VKtyNPvA7/e6g9scnG0euYT4SoaMUnSzjjAPpOkiOEh81mP3hWlDiRYs05oG12T27R8ABaUlTzy0VB7ptf81sfeaFxtO2lYqG94LYBQ4AMUs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97201+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602288805446.9119277336089;
 Fri, 9 Dec 2022 08:11:28 -0800 (PST)
Return-Path: <bounce+27952+97201+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id z4wsYY1788612xCgYzVNpgl0;
 Fri, 09 Dec 2022 08:11:28 -0800
X-Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com
 [209.85.167.53])
 by mx.groups.io with SMTP id smtpd.web11.5559.1670602275517869580
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:27 -0800
X-Received: by mail-lf1-f53.google.com with SMTP id c1so7768099lfi.7
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:26 -0800 (PST)
X-Gm-Message-State: 0QcMuDljJxIPb13QwSTpgAQ5x1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4QtRsT3lxb5l6bO+3cGvnhnaU7k+K1dI5uXejFUILUmkRBRVmG7jPNQi1n+wT/InkX/LvQlQ==
X-Received: by 2002:ac2:569e:0:b0:4b5:29fe:86c with SMTP id
 30-20020ac2569e000000b004b529fe086cmr1338975lfr.17.1670602286113;
        Fri, 09 Dec 2022 08:11:26 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.25
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:25 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 11/12] Ext4Pkg: Check
 VolumeName allocation correctness in Ext4GetVolumeName
Date: Fri,  9 Dec 2022 22:11:03 +0600
Message-Id: <20221209161104.70220-12-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602288;
 bh=8x2caz988gJdp4IiBoA40WHvITYUumNzN0XD6kLsj2A=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=uvgnXTKD0Mf28XRYJD1F3Gr3508PFvgvqpHXOnVfKSUC4/+Pd4vlhDtXCTmRCXSRdxE
 rGvx+5YCNCNf0FnteUFRamD4b6d0wd5NWZ3z7VhZ8KtXI5AkOUTjEkbUlPeQCUWqj+sTT
 c9eo5qAlOKCKitVWLJYCvTQAGwWsRN4Uiok=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602289687100013
Content-Type: text/plain; charset="utf-8"

Missing check in some cases leads to failed StrCpyS call in
Ext4GetVolumeLabelInfo. Also correct condition that checks Inode pointer
for being NULL in Ext4AllocateInode

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/File.c  | 10 ++++++++--
 Features/Ext4Pkg/Ext4Dxe/Inode.c |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/File.c b/Features/Ext4Pkg/Ext4Dxe/Fil=
e.c
index 2d76e1818021..7939fcd3acef 100644
--- a/Features/Ext4Pkg/Ext4Dxe/File.c
+++ b/Features/Ext4Pkg/Ext4Dxe/File.c
@@ -726,7 +726,11 @@ Ext4GetVolumeName (
=20

     VolNameLength =3D StrLen (VolumeName);

   } else {

-    VolumeName    =3D AllocateZeroPool (sizeof (CHAR16));

+    VolumeName =3D AllocateZeroPool (sizeof (CHAR16));

+    if (VolumeName =3D=3D NULL) {

+      return EFI_OUT_OF_RESOURCES;

+    }

+

     VolNameLength =3D 0;

   }

=20

@@ -793,7 +797,9 @@ Ext4GetFilesystemInfo (
   Info->VolumeSize =3D MultU64x32 (TotalBlocks, Part->BlockSize);

   Info->FreeSpace  =3D MultU64x32 (FreeBlocks, Part->BlockSize);

=20

-  StrCpyS (Info->VolumeLabel, VolNameLength + 1, VolumeName);

+  Status =3D StrCpyS (Info->VolumeLabel, VolNameLength + 1, VolumeName);

+

+  ASSERT_EFI_ERROR (Status);

=20

   FreePool (VolumeName);

=20

diff --git a/Features/Ext4Pkg/Ext4Dxe/Inode.c b/Features/Ext4Pkg/Ext4Dxe/In=
ode.c
index 5ccb4d2bfc42..2977238d687c 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Inode.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Inode.c
@@ -230,7 +230,7 @@ Ext4AllocateInode (
=20

   Inode =3D AllocateZeroPool (InodeSize);

=20

-  if (!Inode) {

+  if (Inode =3D=3D NULL) {

     return NULL;

   }

=20

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97201): https://edk2.groups.io/g/devel/message/97201
Mute This Topic: https://groups.io/mt/95563285/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Tue Feb 10 23:53:11 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97202+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97202+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1670602289; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QRy5UXggxyt1x1hN5RC5DEWRd3crRASCILv7NPA6WkswO1m60PxmpsMx6u49RnjBEog4TDuKHn9F/HkvAw9RS09fQa632roOB2z9iE9xs+Ip3EP/7lskRUx+xQP9HCr0Ge4yVxbGsdGclAP9h1/yKpBLy7HCPNjlCPtO2HDnMH4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1670602289;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=ACm2kvPBuHLgQP60jIPXc7nPaT56j0N8JtuxiwkE2jQ=;
	b=nTbTYT1a978EEqITUrQNriI9DGw4sNU/sVYBLGS+w2A3vBFW5Ux1pkc8MABzWplSQ3pxiN0dDksdcpjNV3EG3DuaNCaxikTLQ1+y/Sz6GjbLLeIPs83PPr/Ds2MAeDSMG0tOENpvlLK9BP5QD0ea7YVQcexMoIPE+4eiJyEF25o=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+97202+1787277+3901457@groups.io;
	dmarc=fail header.from=<savvamtr@gmail.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1670602289666585.5753412820751;
 Fri, 9 Dec 2022 08:11:29 -0800 (PST)
Return-Path: <bounce+27952+97202+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id DFrrYY1788612x3brz2Q8iRZ;
 Fri, 09 Dec 2022 08:11:29 -0800
X-Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com
 [209.85.167.46])
 by mx.groups.io with SMTP id smtpd.web11.5560.1670602276434237032
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:28 -0800
X-Received: by mail-lf1-f46.google.com with SMTP id cf42so7801958lfb.1
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:27 -0800 (PST)
X-Gm-Message-State: ISZJ5YOV6HODQWamZZ3NRGjSx1787277AA=
X-Google-Smtp-Source: 
 AA0mqf4GLThTMV7Qa6TXq0x50lSYn13A8gI0iJHbuEYJqIydMkPWe3mpeRHurPiM1MpP2to7OtNDZg==
X-Received: by 2002:a05:6512:1698:b0:4af:ac78:2602 with SMTP id
 bu24-20020a056512169800b004afac782602mr2795286lfb.29.1670602287211;
        Fri, 09 Dec 2022 08:11:27 -0800 (PST)
X-Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id
 v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:26 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [edk2-platforms][PATCH v1 12/12] Ext4Pkg: Add missing
 exit Status in Ext4OpenDirent
Date: Fri,  9 Dec 2022 22:11:04 +0600
Message-Id: <20221209161104.70220-13-savvamtr@gmail.com>
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,savvamtr@gmail.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1670602289;
 bh=j3RDyO4p6nq8P8VCmFyDEAAOZWd8l2h+9yAs9A5u2cc=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=f9PKPfcmgbAqtDSdt6kK6h2g2TEL5ziTvjRNmJ8SnbCNDEPdp/LPx+uAi2vk8xLoDPY
 /jD3lHO4G9HkXhwr89AP2XduSApmTTJk/HLnDLgfVpqV158eNvyp/7N+1rrYPZUl46Fcq
 890QmdIbJag83esrKciQjCsJgKA9B/r9xao=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1670602291714100021
Content-Type: text/plain; charset="utf-8"

Missing EFI_OUT_OF_RESOURCES exit status on failed Ext4CreateDentry
leads to NULL-pointer dereference in Ext4GetFileInfo (passing NULL
buffer in Ext4ReadDir)

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Directory.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx=
e/Directory.c
index ff476c8641e8..efdce1477246 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Directory.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c
@@ -260,7 +260,8 @@ Ext4OpenDirent (
   } else {

     File->Dentry =3D Ext4CreateDentry (FileName, Directory->Dentry);

=20

-    if (!File->Dentry) {

+    if (File->Dentry =3D=3D NULL) {

+      Status =3D EFI_OUT_OF_RESOURCES;

       goto Error;

     }

   }

--=20
2.38.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97202): https://edk2.groups.io/g/devel/message/97202
Mute This Topic: https://groups.io/mt/95563286/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-