
Hi Miquel,
On Wednesday, 17 July 2024, 10:06:35 CEST, 'Miquel Raynal' via upstream wrote:
> Hi Richard,
>
> richard@nod.at wrote on Fri, 12 Jul 2024 10:23:44 +0200:
>
> > The squashfs driver blindly follows symlinks, and calls sqfs_size() recursively. So an attacker can create a crafted filesystem and with a deep enough nesting level a stack overflow can be achieved.
> >
> > Fix by limiting the nesting level to 8.
>
> As this is, I believe, an arbitrary value, could we define this value somewhere and flag it with a comment as "arbitrary" with some details from the commit log? Right now the value '8' is hardcoded at least in 3 different places.

I stole the value from the ext4 code. Since U-Boot lacks common filesystem code, there will always be duplication. I can happily add a common define for the value.

> Also, 8 seems rather small, any reason for choosing that? I believe this is easy to cross even in non-evil filesystems and could perhaps be (again, arbitrarily) increased a bit?

For ext4 the value seems okay. So dunno. :-)

Thanks, //richard
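
An added illustration of the fix discussed in this thread, not taken from the patch or from U-Boot: a recursive size lookup over a toy in-memory directory that stops following symlinks at a single named limit. The names `TOY_SYMLINK_MAX_NEST`, `toy_fs`, `toy_lookup` and `toy_size` are hypothetical, and the directory contents are constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Arbitrary cap on symlink nesting; 8 is the value discussed in the thread.
 * Hypothetical name, defined once so every caller shares the same limit. */
#define TOY_SYMLINK_MAX_NEST 8

struct toy_entry {
	const char *name;
	const char *target;	/* non-NULL: entry is a symlink to this name */
	long size;		/* meaningful for regular files only */
};

/* Constructed sample image: a 3-link chain, a self-loop and a 2-cycle. */
static const struct toy_entry toy_fs[] = {
	{ "kernel.img", NULL, 4096 },
	{ "l1", "kernel.img", 0 },
	{ "l2", "l1", 0 },
	{ "l3", "l2", 0 },
	{ "self", "self", 0 },
	{ "a", "b", 0 },
	{ "b", "a", 0 },
};

static const struct toy_entry *toy_lookup(const char *name)
{
	for (size_t i = 0; i < sizeof(toy_fs) / sizeof(toy_fs[0]); i++)
		if (strcmp(toy_fs[i].name, name) == 0)
			return &toy_fs[i];
	return NULL;
}

/* Recursive, like the lookup described in the thread, but depth-bounded. */
static long toy_size_nested(const char *name, int nest)
{
	const struct toy_entry *e = toy_lookup(name);

	if (!e)
		return -ENOENT;
	if (!e->target)
		return e->size;
	if (nest >= TOY_SYMLINK_MAX_NEST)
		return -ELOOP;	/* refuse instead of growing the stack */
	return toy_size_nested(e->target, nest + 1);
}

long toy_size(const char *name)
{
	return toy_size_nested(name, 0);
}
```

A legitimate chain longer than `TOY_SYMLINK_MAX_NEST` links is rejected with `-ELOOP` just like a cycle, which is the trade-off raised about the value 8.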