Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malformed ISO file hangs bsdtar #522

Closed
kwrobot opened this issue Apr 11, 2015 · 3 comments
Closed

Malformed ISO file hangs bsdtar #522

kwrobot opened this issue Apr 11, 2015 · 3 comments
Labels
os:all Priority-Medium type:bug

Comments

@kwrobot
Copy link

kwrobot commented Apr 11, 2015

Original issue 414 created by Google Code user hanno@hboeck.de on 2015-03-05T13:15:27.000Z:

Attached file will cause an endless (or at least very long) loop in bsdtar. It's a malformed iso file.

Found with american fuzzy lop.

See attachment: hang.iso
@kientzle
Copy link
Contributor

The file in question has a directory that is a member of itself. bsdtar is trying to descend the resulting infinite directory tree. It should eventually fail with an error when you hit libarchive's (very large) limits on total path length.

The ideal fix would track directories and fail if there was a loop. Until someone can implement that, a simple depth limit would help guard against this case.

kientzle added a commit that referenced this issue Apr 12, 2015
@kientzle
Issue #522: Dir loop in malformed ISO causes segfault
39fc593 
Github Issue #522 revealed that we could blow the stack
when recursing to assemble ISO paths.  I saw this happen
at 130,000 dir levels.  This patch addresses this by limiting
the directory recursion to 1,000 elements.

TODO:  It would be even better to track and detect the dir loop
directly.
@kientzle
Copy link
Contributor

I've committed a fix to limit the depth to 1,000 directory levels. With that change, the malformed ISO given here causes bsdtar to cleanly exit with an error: "Pathname too long."

[master 39fc593] Issue #522: Dir loop in malformed ISO causes segfault

kientzle added a commit that referenced this issue Apr 12, 2015
@kientzle
Github Issue #522: Detect cycles in the ISO directory tree
01cfbca
@kientzle
Copy link
Contributor

[master 01cfbca] Github Issue #522: Detect cycles in the ISO directory tree

I believe this completely fixes the issue. Thank you for all your help!

brooksdavis pushed a commit to brooksdavis/libarchive that referenced this issue May 14, 2015
@kientzle @brooksdavis
Issue libarchive#522: Dir loop in malformed ISO causes segfault
d7953c4 
Github Issue libarchive#522 revealed that we could blow the stack
when recursing to assemble ISO paths.  I saw this happen
at 130,000 dir levels.  This patch addresses this by limiting
the directory recursion to 1,000 elements.

TODO:  It would be even better to track and detect the dir loop
directly.
brooksdavis pushed a commit to brooksdavis/libarchive that referenced this issue May 14, 2015
@kientzle @brooksdavis
Github Issue libarchive#522: Detect cycles in the ISO directory tree
77a01ef
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
os:all Priority-Medium type:bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kwrobot @kientzle