Malformed ISO file hangs bsdtar #522

Closed
kwrobot opened this Issue Apr 11, 2015 · 3 comments


kwrobot commented Apr 11, 2015

Original issue 414 created by Google Code user hanno@hboeck.de on 2015-03-05T13:15:27.000Z:

Attached file will cause an endless (or at least very long) loop in bsdtar. It's a malformed iso file.

Found with american fuzzy lop.

See attachment: hang.iso


kientzle commented Apr 11, 2015

The file in question has a directory that is a member of itself. bsdtar is trying to descend the resulting infinite directory tree. It should eventually fail with an error when you hit libarchive's (very large) limits on total path length.

The ideal fix would track directories and fail if there was a loop. Until someone can implement that, a simple depth limit would help guard against this case.

kientzle added a commit that referenced this issue Apr 12, 2015

Issue #522: Dir loop in malformed ISO causes segfault
Github Issue #522 revealed that we could blow the stack
when recursing to assemble ISO paths.  I saw this happen
at 130,000 dir levels.  This patch addresses this by limiting
the directory recursion to 1,000 elements.

TODO:  It would be even better to track and detect the dir loop
directly.

kientzle commented Apr 12, 2015

I've committed a fix to limit the depth to 1,000 directory levels. With that change, the malformed ISO given here causes bsdtar to cleanly exit with an error: "Pathname too long."

[master 39fc593] Issue #522: Dir loop in malformed ISO causes segfault


kientzle commented Apr 12, 2015

[master 01cfbca] Github Issue #522: Detect cycles in the ISO directory tree

I believe this completely fixes the issue. Thank you for all your help!

@kientzle kientzle closed this Apr 12, 2015

brooksdavis added a commit to brooksdavis/libarchive that referenced this issue May 14, 2015

Issue #522: Dir loop in malformed ISO causes segfault
Github Issue #522 revealed that we could blow the stack
when recursing to assemble ISO paths.  I saw this happen
at 130,000 dir levels.  This patch addresses this by limiting
the directory recursion to 1,000 elements.

TODO:  It would be even better to track and detect the dir loop
directly.

brooksdavis added a commit to brooksdavis/libarchive that referenced this issue May 14, 2015
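
The two guards discussed in this thread (a depth limit, and detecting a directory that reappears among its own ancestors), sketched as an added example that is not libarchive's code. `struct dir_node`, `check_child_dir` and the extent values are hypothetical; only the 1,000-level limit comes from the thread.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DIR_DEPTH 1000  /* depth limit quoted in the thread */

enum dir_check { DIR_OK = 0, DIR_LOOP = -1, DIR_TOO_DEEP = -2 };

/* Hypothetical record for a directory already accepted from the image. */
struct dir_node {
    const struct dir_node *parent;  /* NULL for the root directory */
    uint64_t extent;                /* offset of the directory's data */
};

/* May a child directory stored at child_extent be added under parent?
 * The ancestor walk is iterative (constant stack use) and bounded. */
enum dir_check check_child_dir(const struct dir_node *parent,
                               uint64_t child_extent)
{
    size_t depth = 1;  /* counts the child itself */
    for (const struct dir_node *p = parent; p != NULL; p = p->parent) {
        if (p->extent == child_extent)
            return DIR_LOOP;      /* child is one of its own ancestors */
        if (++depth > MAX_DIR_DEPTH)
            return DIR_TOO_DEEP;  /* fallback guard for other deep trees */
    }
    return DIR_OK;
}

/* Constructed sample: root -> a -> b, where b lists itself as a member. */
enum dir_check demo_self_member(void)
{
    struct dir_node root = { NULL, 0x9800 };
    struct dir_node a = { &root, 0xA000 };
    struct dir_node b = { &a, 0xA800 };
    return check_child_dir(&b, 0xA800);
}

/* Constructed sample: n nested directories with distinct extents. */
enum dir_check demo_chain(size_t n)
{
    static struct dir_node chain[MAX_DIR_DEPTH + 1];
    for (size_t i = 0; i < n && i <= MAX_DIR_DEPTH; i++) {
        chain[i].parent = i ? &chain[i - 1] : NULL;
        chain[i].extent = 0x9800 + 0x800 * (uint64_t)i;
    }
    return check_child_dir(n ? &chain[n - 1] : NULL, 0x100);
}

int main(void) { return demo_self_member() == DIR_LOOP ? 0 : 1; }
```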
