zfs/module
c1ick ec580bc520
zfs: add bounds checking to zil_parse (#16308)
Make sure log record don't stray beyond valid memory region.

There is a lack of verification of the space occupied by fixed members
of lr_t in the zil_parse.

We can create a crafted image to trigger an out of bounds read by
following these steps:
    1) Do some file operations and reboot to simulate abnormal exit
       without umount
    2) zil_chain.zc_nused: 0x1000
    3) First lr_t
       lr_t.lrc_txtype: 0x0
       lr_t.lrc_reclen: 0x1000-0xb8-0x1
       lr_t.lrc_txg: 0x0
       lr_t.lrc_seq: 0x1
    4) Update checksum in zil_chain.zc_eck

Fix:
Add some checks to make sure the remaining bytes are large enough to
hold an log record.

Signed-off-by: XDTG <click1799@163.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
2024-07-31 17:17:04 -07:00
..
avl Suppress Clang Static Analyzer false positive in the AVL tree code. 2023-03-08 13:51:21 -08:00
icp icp: remove redundant FreeBSD check 2024-05-31 15:13:59 -07:00
lua LUA: Backport CVE-2020-24370's patch 2024-02-07 11:53:05 -08:00
nvpair xdr: header cleanup 2024-04-03 15:13:27 -07:00
os Linux: Report reclaimable memory to kernel as such (#16385) 2024-07-30 11:40:47 -07:00
unicode Illumos #15286: do_composition() needs sign awareness 2023-01-05 11:16:21 -08:00
zcommon ddt: add support for prefetching tables into the ARC 2024-07-26 09:16:18 -07:00
zfs zfs: add bounds checking to zil_parse (#16308) 2024-07-31 17:17:04 -07:00
zstd zstd: don't call zstd_mempool_reap if there are no buffers (#16302) 2024-07-15 14:51:37 -07:00
.gitignore FreeBSD: Ignore symlink to i386 includes 2022-08-02 16:34:23 -07:00
Kbuild.in Linux 6.9: Fix UBSAN errors in sa.c (#16380) 2024-07-23 17:13:04 -07:00
Makefile.bsd Makefile.bsd: sort and cleanup source file list 2024-04-03 15:49:22 -07:00
Makefile.in check-zstd-symbols: also ignore __pfx_ symbols 2023-09-18 09:08:41 -07:00