From 8b6e67bcd9f4498a66422c98a3b36b9fe9dc0371 Mon Sep 17 00:00:00 2001
From: vit9696
Date: Thu, 12 Jan 2023 13:31:47 +0300
Subject: [PATCH] Ext4Pkg: Filter out file names containing \0 as invalid
This patch improves checks added in 74135485.
Signed-off-by: Vitaly Cheptsov
---
Ext4Pkg/Ext4Dxe/Directory.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/Ext4Pkg/Ext4Dxe/Directory.c b/Ext4Pkg/Ext4Dxe/Directory.c
index efdce14772..a0ddd03da7 100644
--- a/Ext4Pkg/Ext4Dxe/Directory.c
+++ b/Ext4Pkg/Ext4Dxe/Directory.c
@@ -26,10 +26,19 @@ Ext4GetUcs2DirentName (
 )
 {
 CHAR8 Utf8NameBuf[EXT4_NAME_MAX + 1];
+ UINTN Index;
 UINT16 *Str;
 EFI_STATUS Status;
- CopyMem (Utf8NameBuf, Entry->name, Entry->name_len);
+ for (Index = 0; Index < Entry->name_len; ++Index)
+ {
+ if (Entry->name[Index] == '\0')
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Utf8NameBuf[Index] = Entry->name[Index];
+ }
 Utf8NameBuf[Entry->name_len] = '\0';
@@ -496,12 +505,14 @@ Ext4ReadDir (
 // Entry.name_len may be 0 if it's a nameless entry, like an unused entry
 // or a checksum at the end of the directory block.
- IsDotOrDotDot = Entry.name_len <= 2 &&
- ((Entry.name[0] == '.') &&
- (Entry.name[1] == '.' || Entry.name[1] == '\0'));
+ // memcmp (and CompareMem) return 0 when the passed length is 0.
- // When inode = 0, it's unused.
- ShouldSkip = Entry.inode == 0 || IsDotOrDotDot;
+ IsDotOrDotDot = Entry.name_len <= 2 &&
+ CompareMem (Entry.name, "..", Entry.name_len) == 0;
+
+ // When inode = 0, it's unused. When name_len == 0, it's a nameless entry
+ // (which we should not expose to ReadDir).
+ ShouldSkip = Entry.inode == 0 || Entry.name_len == 0 || IsDotOrDotDot;
 if ((Entry.inode != 0) && !EXT4_IS_VALID_INODE_NR (Partition, Entry.inode)) {
 DEBUG ((DEBUG_ERROR, "[ext4] Ext4ReadDir directory entry inode number %u isn't valid\n", Entry.inode));
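Review bot: The copy loop in Ext4GetUcs2DirentName writes `Utf8NameBuf[Index]` for every `Index < Entry->name_len` and then `Utf8NameBuf[Entry->name_len]`, so it stays inside the `EXT4_NAME_MAX + 1` buffer only if `name_len` can never exceed `EXT4_NAME_MAX`, and nothing in the hunk states or checks that. The removed `CopyMem` had the same dependency, so this is not a regression, but the length comes from the on-disk directory entry and the bound deserves to be explicit. If the field type allows larger values, add `if (Entry->name_len > EXT4_NAME_MAX) { return EFI_INVALID_PARAMETER; }` before the loop; if the field is only 8 bits wide (presumably, to be confirmed against the struct definition), a one-line comment stating that is enough. The added `for` and `if` also put the opening brace on its own line, while the `if (...) {` visible in the Ext4ReadDir hunk keeps it on the same line. The function body starts and continues outside the hunk.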
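Review bot: `IsDotOrDotDot` in Ext4ReadDir is now TRUE for a nameless entry as well, because `CompareMem` with length 0 returns 0 and the condition only bounds `name_len` from above. `ShouldSkip` tests `Entry.name_len == 0` separately, so the skip decision itself is right, but the flag no longer means what its name says, and any later use in the function (its body continues outside the hunk) would treat an empty name as a dot entry. Bounding the length from below keeps the flag accurate and makes the memcmp remark unnecessary: `IsDotOrDotDot = Entry.name_len >= 1 && Entry.name_len <= 2 && CompareMem (Entry.name, "..", Entry.name_len) == 0;`.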