xfs
[Top] [All Lists]

xfs_metadump in never ending loop

To: xfs@xxxxxxxxxxx
Subject: xfs_metadump in never ending loop
From: Arkadiusz Miskiewicz <arekm@xxxxxxxx>
Date: Fri, 1 Oct 2010 21:36:47 +0200
User-agent: KMail/1.13.5 (Linux/2.6.36-rc6; KDE/4.5.1; x86_64; ; )
 
generate_obfuscated_name() in metadump.c can go into
never ending loop for some file names. Reproducer below.

Can someone look into it? Thanks.

#include <stdlib.h>
#include <dirent.h>

typedef unsigned char               uchar_t;
typedef     __uint32_t      xfs_dahash_t;

#define is_invalid_char(c)      ((c) == '/' || (c) == '\0')
#define rol32(x,y)              (((x) << (y)) | ((x) >> (32 - (y))))

static inline uchar_t
random_filename_char(void)
{
        uchar_t                 c;

        do {
                c = random() % 127 + 1;
        } while (c == '/');
        return c;
}

int main() {
        int namelen = 5, i, dup;
        xfs_dahash_t hash = 978052928;
        xfs_dahash_t newhash;
        uchar_t *name = "R\323\257NE\002\320\000";
        uchar_t newname[NAME_MAX];

        do {
                dup = 0;
                newname[0] = '/';

                for (;;) {
                        /* if the first char is a "/", preserve it */
                        i = (name[0] == '/');

                        for (newhash = 0; i < namelen - 5; i++) {
                                newname[i] = random_filename_char();
                                newhash = newname[i] ^ rol32(newhash, 7);
                        }
                        newhash = rol32(newhash, 3) ^ hash;
                        if (name[0] != '/' || namelen > 5) {
                                newname[namelen - 5] = (newhash >> 28) |
                                                (random_filename_char() & 0xf0);
                                if (is_invalid_char(newname[namelen - 5]))
                                        continue;
                        }
                        newname[namelen - 4] = (newhash >> 21) & 0x7f;
                        if (is_invalid_char(newname[namelen - 4]))
                                continue;
                        newname[namelen - 3] = (newhash >> 14) & 0x7f;
                        if (is_invalid_char(newname[namelen - 3]))
                                continue;
                        newname[namelen - 2] = (newhash >> 7) & 0x7f;
                        if (is_invalid_char(newname[namelen - 2]))
                                continue;
                        newname[namelen - 1] = ((newhash >> 0) ^
                                        (newname[namelen - 5] >> 4)) & 0x7f;
                        if (is_invalid_char(newname[namelen - 1]))
                                continue;
                        break;
                }
        } while (dup);
}

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

<Prev in Thread] Current Thread [Next in Thread>