lib: Bail on xattr names > XATTR_NAME_MAX by cgwalters · Pull Request #314 · composefs/composefs

cgwalters · 2024-08-17T20:08:32Z

Just more of me poking randomly at mkcomposefs. Yes, we clearly
need to wire up a fuzzer.

In this case, we have a check for xattr value length but would
happily accept a key of any arbitrary length, generating
a corrupted EROFS blob. fsck.erofs detects this.

Signed-off-by: Colin Walters walters@verbum.org

- We were missing a meson invocation; add it - Pass the locally built binary path - Add an output file (oops) - Don't `cd` to the test dir since that breaks the relative path to the input file Signed-off-by: Colin Walters <walters@verbum.org>

Just more of me poking randomly at mkcomposefs. Yes, we clearly need to wire up a fuzzer. In this case, we have a check for xattr value length but would happily accept a key of any arbitrary length, generating a corrupted EROFS blob. `fsck.erofs` detects this. Signed-off-by: Colin Walters <walters@verbum.org>

cgwalters marked this pull request as ready for review August 17, 2024 20:08

cgwalters force-pushed the more-limits branch from 476cb9d to 352ed23 Compare August 17, 2024 20:10

cgwalters mentioned this pull request Aug 17, 2024

lib: Verify mode values #315

Merged

cgwalters requested a review from alexlarsson August 19, 2024 14:10

alexlarsson approved these changes Aug 19, 2024

View reviewed changes

alexlarsson merged commit 7fe6d9d into composefs:main Aug 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lib: Bail on xattr names > XATTR_NAME_MAX#314

lib: Bail on xattr names > XATTR_NAME_MAX#314
alexlarsson merged 2 commits intocomposefs:mainfrom
cgwalters:more-limits

cgwalters commented Aug 17, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

cgwalters commented Aug 17, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants