From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54])
 by mx.groups.io with SMTP id smtpd.web10.5489.1670602282281433718
 for <devel@edk2.groups.io>;
 Fri, 09 Dec 2022 08:11:22 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=eUhCgCWK;
 spf=pass (domain: gmail.com, ip: 209.85.167.54, mailfrom: savvamtr@gmail.com)
Received: by mail-lf1-f54.google.com with SMTP id b13so7776569lfo.3
        for <devel@edk2.groups.io>; Fri, 09 Dec 2022 08:11:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=sthi4IbnEu3g6ULkB49MM1Y0UL3dQpQ6MrbMSKnMfpY=;
        b=eUhCgCWKCvsGqhOs4Etmrqz/CqQxpQmr005jAAkikUwzoDG9ufakB+WrbBo2HMIfbm
         lV0B4Y0aSaIT54l4J73G+4F0vNijJuhepoDSh08iXwHUtNT9rC1BWe3+TsXO4wxW8ogx
         AWLeoH2CRyD7BbtRTyoDuQhmX6NojqOZBqmNBwV9PZuhZDCdeWblnSi2MpHPizGmUFEM
         XzZ9RbFcmmDXDWMmKJEYkNpUhHOPzMumJKRsTpV3X7cdTPDLqvhqfebFy6ndgVjuBvBl
         E74HwKXX5qFAjLCYZVsb3sypFtzRllhJLJSDNSfTs3LyvzhBglMMWeU57B5gK/Y2jlUd
         vUYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=sthi4IbnEu3g6ULkB49MM1Y0UL3dQpQ6MrbMSKnMfpY=;
        b=q8gJf5SDX+fNWYgL0xEv5bCfWpdJdIyieBeWa8ea6VDFSnOXl0C2KJ+OBWxLanjCFT
         Wr7qA5qkbaxnvdzxTW7ZaE7RBN+/Rg25Tjo/FiAIR8mpw6fpXQHY3yv4AsQFZviFt7IK
         H6Q+XSpqximK6Whfg250bj5iujIXIE658NTwuqtEvllaNAkrzpzGIeo0670r0boWifw3
         CjKBNG11yMneS1YLXmKy3zdZL02fIjC37f0bFzClY3/S/s9peXByDk2YCMJgDHQbhHRF
         dhvLx58eMbXvYrvmVae9zmDMGbghvxxD+RSRZ9ZN3fzC2ankXp7nitw34gJLanNYBZjw
         i9pg==
X-Gm-Message-State: ANoB5pl9uDQBGHyf5sJgLIKFcmPJmivCyE0WUawI6v1IwyAa4UhqKZyE
	9MdIynpmDmq+dcxJEXXJOm3/XGrzUmt18mtV
X-Google-Smtp-Source: AA0mqf4xalmRQxxLe63QFxVokKz18o3D0b3Wa80ttAxs/QjJWf/Y+ulvsuTOvgufHU+B7LXO+cQIUQ==
X-Received: by 2002:a19:7b03:0:b0:4a4:68b8:f4d0 with SMTP id w3-20020a197b03000000b004a468b8f4d0mr2007656lfc.22.1670602280449;
        Fri, 09 Dec 2022 08:11:20 -0800 (PST)
Return-Path: <savvamtr@gmail.com>
Received: from localhost.localdomain ([109.194.121.139])
        by smtp.gmail.com with ESMTPSA id v5-20020a05651203a500b00492c663bba2sm318430lfp.124.2022.12.09.08.11.19
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Dec 2022 08:11:20 -0800 (PST)
From: "Savva Mitrofanov" <savvamtr@gmail.com>
To: devel@edk2.groups.io
Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@posteo.de>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-platforms][PATCH v1 06/12] Ext4Pkg: Add comparison between Position and FileSize in Ext4SetPosition
Date: Fri,  9 Dec 2022 22:10:58 +0600
Message-Id: <20221209161104.70220-7-savvamtr@gmail.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <20221209161104.70220-1-savvamtr@gmail.com>
References: <20221209161104.70220-1-savvamtr@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Missing such comparison leads to infinite loop states, for example code
which trying to read entire file can easily get out of bound of
file size by passing position value which exceeds file size without this
check. So we need to add there missing comparison between the desired
position to be set and file size

Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h | 19 +++++++++---------
 Features/Ext4Pkg/Ext4Dxe/File.c    | 21 +++++++++++++-------
 2 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/=
Ext4Dxe.h
index dde4f4cb0e06..1dcb644e3b35 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
@@ -31,7 +31,7 @@
 =0D
 #include "Ext4Disk.h"=0D
 =0D
-#define SYMLOOP_MAX    8=0D
+#define SYMLOOP_MAX  8=0D
 //=0D
 // We need to specify path length limit for security purposes, to prevent =
possible=0D
 // overflows and dead-loop conditions. Originally this limit is absent in =
FS design,=0D
@@ -715,16 +715,15 @@ Ext4GetPosition (
 /**=0D
   Sets a file's current position.=0D
 =0D
-  @param[in]  This            A pointer to the EFI_FILE_PROTOCOL instance =
that=0D
-is the file handle to set the requested position on.=0D
-  @param[in] Position        The byte position from the start of the file =
to=0D
-set.=0D
+  @param[in]  This            A pointer to the EFI_FILE_PROTOCOL instance =
that is the=0D
+                              file handle to set the requested position on=
.=0D
+  @param[in]  Position        The byte position from the start of the file=
 to set.=0D
 =0D
-  @retval EFI_SUCCESS      The position was set.=0D
-  @retval EFI_UNSUPPORTED  The seek request for nonzero is not valid on op=
en=0D
-                           directories.=0D
-  @retval EFI_DEVICE_ERROR An attempt was made to set the position of a de=
leted=0D
-file.=0D
+  @retval EFI_SUCCESS            The position was set.=0D
+  @retval EFI_INVALID_PARAMETER  The seek request for non-zero position is=
 not valid on open=0D
+                                 directories.=0D
+  @retval EFI_UNSUPPORTED        The seek request for position is exceeds =
FileSize.=0D
+  @retval EFI_DEVICE_ERROR       An attempt was made to set the position o=
f a deleted file.=0D
 =0D
 **/=0D
 EFI_STATUS=0D
diff --git a/Features/Ext4Pkg/Ext4Dxe/File.c b/Features/Ext4Pkg/Ext4Dxe/Fil=
e.c
index 04198a53bfc0..b4ed78847258 100644
--- a/Features/Ext4Pkg/Ext4Dxe/File.c
+++ b/Features/Ext4Pkg/Ext4Dxe/File.c
@@ -587,12 +587,13 @@ Ext4GetPosition (
 =0D
   @param[in]  This            A pointer to the EFI_FILE_PROTOCOL instance =
that is the=0D
                               file handle to set the requested position on=
.=0D
-  @param[in] Position        The byte position from the start of the file =
to set.=0D
+  @param[in]  Position        The byte position from the start of the file=
 to set.=0D
 =0D
-  @retval EFI_SUCCESS      The position was set.=0D
-  @retval EFI_UNSUPPORTED  The seek request for nonzero is not valid on op=
en=0D
-                           directories.=0D
-  @retval EFI_DEVICE_ERROR An attempt was made to set the position of a de=
leted file.=0D
+  @retval EFI_SUCCESS            The position was set.=0D
+  @retval EFI_INVALID_PARAMETER  The seek request for non-zero position is=
 not valid on open=0D
+                                 directories.=0D
+  @retval EFI_UNSUPPORTED        The seek request for position is exceeds =
FileSize.=0D
+  @retval EFI_DEVICE_ERROR       An attempt was made to set the position o=
f a deleted file.=0D
 =0D
 **/=0D
 EFI_STATUS=0D
@@ -603,17 +604,23 @@ Ext4SetPosition (
   )=0D
 {=0D
   EXT4_FILE  *File;=0D
+  UINT64     FileSize;=0D
 =0D
   File =3D EXT4_FILE_FROM_THIS (This);=0D
 =0D
   // Only seeks to 0 (so it resets the ReadDir operation) are allowed=0D
   if (Ext4FileIsDir (File) && (Position !=3D 0)) {=0D
-    return EFI_UNSUPPORTED;=0D
+    return EFI_INVALID_PARAMETER;=0D
   }=0D
 =0D
+  FileSize =3D EXT4_INODE_SIZE (File->Inode);=0D
+=0D
   // -1 (0xffffff.......) seeks to the end of the file=0D
   if (Position =3D=3D (UINT64)-1) {=0D
-    Position =3D EXT4_INODE_SIZE (File->Inode);=0D
+    Position =3D FileSize;=0D
+  } else if (Position > FileSize) {=0D
+    DEBUG ((DEBUG_FS, "[ext4] Ext4SetPosition Cannot seek to #%Lx of %Lx\n=
", Position, FileSize));=0D
+    return EFI_UNSUPPORTED;=0D
   }=0D
 =0D
   File->Position =3D Position;=0D
--=20
2.38.1