Skip to content

plougher/squashfs-tools

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 12 tags
Code

Latest commit

@plougher
plougher xattrs: more sanity checking when reading xattr metadata
c5a8619 May 6, 2023
xattrs: more sanity checking when reading xattr metadata 
The kernel syszbot exploit
[syzbot] [squashfs?] KASAN: slab-out-of-bounds Write in squashfs_readahead
https://lore.kernel.org/all/0000000000009ea81a05f909a529@google.com/

contains a filesystem which causes Mksquashfs to SegV reading the
xattr metadata when appending.  This will also cause Unsquashfs to
SegV when reading the xattr metadata, however, because Unsquashfs
only reads the corrupted xattr metadata when writing the xattrs to
the output filesystem, it discovers and aborts on another filesystem
corruption issue before this happens.

Reading the entire xattr metadata is done first by Mksquashfs when
appending which is why it hits this filesystem corruption first.

The SegV is caused by a corrupted xattrs_id[i].count, which is much
larger than it should be.  This causes the code to run past the end
of the decompressed xattr metadata buffer.

This patch fixes this by checking that the code doesn't run past the
end of the buffer.  In doing so it sanity checks xattrs_id[i].count,
and the values of entry.size and val.vsize when reading the
xattr metadata.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
c5a8619

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
RELEASE-READMEs
Move pseudo-file.example into examples dir
March 17, 2023 18:09
examples
Move pseudo-file.example into examples dir
March 17, 2023 18:09
generate-manpages
manpages: current memory usage no longer reported in help text
March 16, 2023 23:01
kernel
Restructure kernel and kernel-2.4 into a single directory
August 19, 2019 05:15
manpages
manpages: generate prebuilt release manpages
March 17, 2023 03:54
squashfs-tools
xattrs: more sanity checking when reading xattr metadata
May 6, 2023 03:07
.gitattributes
Update .gitattributes to ignore old READMEs/USAGE etc.
March 17, 2023 18:15
ACKNOWLEDGEMENTS
Squashfs-tools 4.4 release
August 29, 2019 02:58
ACTIONS-README
ACTIONS-README: add new extended attribute actions
March 5, 2023 23:30
CHANGES
CHANGES: update for 4.6.1 release
April 20, 2023 15:58
COPYING
GPL 2.0 license file - aka COPYING file
August 8, 2014 01:11
INSTALL
INSTALL: Remove version as it is unnecessary
March 9, 2022 20:48
README
Update README
April 6, 2023 03:26
README-4.5
README-4.5: Update for 4.5 release
July 22, 2021 20:16
README-4.5.1
Add README for 4.5.1
March 10, 2022 00:13
README-4.6
README-4.6: final improvements
March 17, 2023 18:02
TECHNICAL-INFO
Add TECHNICAL-INFO
March 17, 2023 17:43
USAGE
USAGE: Update USAGE file
March 9, 2022 21:02
USAGE-4.6
USAGE-4.6: remove the URLs
March 17, 2023 07:29
USAGE-MKSQUASHFS-4.6
USAGE-*: refresh due to help text changes
March 16, 2023 23:16
USAGE-SQFSCAT-4.6
USAGE-SQFSCAT-4.6: remove repeated word
March 5, 2023 22:40
USAGE-SQFSTAR-4.6
USAGE-*: refresh due to help text changes
March 16, 2023 23:16
USAGE-UNSQUASHFS-4.6
USAGE-*: refresh due to help text changes
March 16, 2023 23:16

README 

NEWS
----

Squashfs-tools 4.6.1 released (25th March 2023)

If you like the recent releases please "star" the
project.  It will be nice to get 512 stars or
more.

Thanks

About

tools to create and extract Squashfs filesystems

Topics

linux compression tarball filesystem tar archiving zstd squashfs lzo mkfs mksquashfs squashfs-image

Resources

Readme

License

GPL-2.0 license

Stars

516 stars

Watchers

22 watching

Forks

169 forks
Report repository

Releases 3

Squashfs tools 4.6.1 Latest
Mar 25, 2023
+ 2 releases

Packages

No packages published

Contributors 33

+ 22 contributors

Languages