From: Savva Mitrofanov
To: Pedro Falcato
Cc: devel@edk2.groups.io, mhaeuser@posteo.de, Виталий Юрьевич Чепцов
Subject: Re: [edk2-platforms][PATCH v1 00/12] Ext4Pkg: Code correctness and security improvements
Date: Mon, 12 Dec 2022 20:40:47 +0600
References: <20221209161104.70220-1-savvamtr@gmail.com>

Hi!

Thanks for your review. I made the changes in my branch of edk2-platforms and will send a corrected patchset soon.

Best regards,
Savva Mitrofanov

On 10 Dec 2022, at 04:28, Pedro Falcato <pedro.falcato@gmail.com> wrote:

On Fri, Dec 9, 2022 at 4:11 PM Savva Mitrofanov <savvamtr@gmail.com> wrote:
Hi all,

This patchset fixes several code problems found by fuzzing Ext4Dxe like
buffer and integer overflows, memory leaks, logic bugs and so on.

REF: https://github.com/savvamitrofanov/edk2-platforms/tree/master

Cc: Marvin Häuser <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>

Savva Mitrofanov (12):
  Ext4Pkg: Fix memory leak in Ext4RetrieveDirent
  Ext4Pkg: Move EXT4_NAME_MAX definition to Ext4Disk.h
  Ext4Pkg: Fix global buffer overflow in Ext4ReadDir
  Ext4Pkg: Fix incorrect checksum metadata feature check
  Ext4Pkg: Fix division by zero by adding check for s_inodes_per_group
  Ext4Pkg: Add comparison between Position and FileSize in
    Ext4SetPosition
  Ext4Pkg: Add inode number validity check
  Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
  Ext4Pkg: Correct integer overflow check on multiplication in DiskUtil
  Ext4Pkg: Check that source file is directory in Ext4OpenInternal
  Ext4Pkg: Check VolumeName allocation correctness in Ext4GetVolumeName
  Ext4Pkg: Add missing exit Status in Ext4OpenDirent

Hi!

Thanks for the patches (and the fuzzing!). They all mostly lgtm, just some small nits. Please fix them so I can test and merge.

Also, could you add a Fixes tag to each patch (like in the LKML and elsewhere in OVMF) so we can more easily track what each patch fixes? Using something simple like the oldest git blame of what you're fixing should be enough in this case, no need for git bisect. I just want to establish a good, clean track record here for me and for downstream users to better know what they need to pick up!

Thanks,
Pedro
