Page MenuHomeFreeBSD

fusefs: handle evil servers that return illegal inode numbers
ClosedPublic

Authored by asomers on May 4 2022, 11:40 PM.
Tags
None
Referenced Files
F162898844: D35128.id.diff
Sat, Jul 18, 3:14 AM
Unknown Object (File)
Wed, Jul 8, 1:01 AM
Unknown Object (File)
Wed, Jul 8, 12:29 AM
Unknown Object (File)
Sun, Jul 5, 1:05 AM
Unknown Object (File)
Fri, Jul 3, 2:56 AM
Unknown Object (File)
Thu, Jul 2, 3:31 AM
Unknown Object (File)
Thu, Jul 2, 3:31 AM
Unknown Object (File)
Thu, Jul 2, 3:31 AM
Subscribers

Details

Summary

fusefs: handle evil servers that return illegal inode numbers

  • If during FUSE_CREATE, FUSE_MKDIR, etc the server returns the same inode number for the new file as for its parent directory, reject it. Previously this would triggers a recurse-on-non-recursive lock panic.
  • If during FUSE_LINK the server returns a different inode number for the new name as for the old one, reject it. Obviously, that can't be a hard link.
  • If during FUSE_LOOKUP the server returns the same inode number for the new file as for its parent directory, reject it. Nothing good can come of this.

PR: 263662
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 2 weeks

Test Plan

tests added

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable