romfs: check the dirent before use it

System will crash when the romfs is erased. Add checks before using them to avoid it.

romfs: check the dirent before use it
System will crash when the romfs is erased. Add checks before using them to avoid it.
e882597f · Grissiom · 3531fa71 · e882597f
显示空白变更内容
内联并排

Showing with 28 addition and 4 deletion

components/dfs/filesystems/romfs/dfs_romfs.c components/dfs/filesystems/romfs/dfs_romfs.c +28 -4

未找到文件。
--- a/components/dfs/filesystems/romfs/dfs_romfs.c
+++ b/components/dfs/filesystems/romfs/dfs_romfs.c
@@ -49,6 +49,14 @@ int dfs_romfs_ioctl(struct dfs_fd *file, int cmd, void *args)
 	return -DFS_STATUS_EIO;
 }
+rt_inline int check_dirent(struct romfs_dirent *dirent)
+{
+    if (!(dirent->type == ROMFS_DIRENT_FILE || dirent->type == ROMFS_DIRENT_DIR) ||
+         (dirent->size == 0 || dirent->size == ~0))
+        return -1;
+    return 0;
+}
 struct romfs_dirent *dfs_romfs_lookup(struct romfs_dirent *root_dirent, const char *path, rt_size_t *size)
 {
 	rt_size_t index, found;
@@ -56,6 +64,10 @@ struct romfs_dirent *dfs_romfs_lookup(struct romfs_dirent *root_dirent, const ch
 	struct romfs_dirent *dirent;
 	rt_size_t dirent_size;
+    /* Check the root_dirent. */
+    if (check_dirent(root_dirent) != 0)
+        return RT_NULL;
 	if (path[0] == '/' && path[1] == '\0')
 	{
 		*size = root_dirent->size;
@@ -82,6 +94,8 @@ struct romfs_dirent *dfs_romfs_lookup(struct romfs_dirent *root_dirent, const ch
 		/* search in folder */
 		for (index = 0; index < dirent_size; index ++)
 		{
+            if (check_dirent(&dirent[index]) != 0)
+                return RT_NULL;
 			if (rt_strncmp(dirent[index].name, subpath, (subpath_end - subpath)) == 0)
 			{
 				dirent_size = dirent[index].size;
@@ -133,6 +147,11 @@ int dfs_romfs_read(struct dfs_fd *file, void *buf, rt_size_t count)
 	dirent = (struct romfs_dirent *)file->data;
 	RT_ASSERT(dirent != RT_NULL);
+    if (check_dirent(dirent) != 0)
+    {
+        return -DFS_STATUS_EIO;
+    }
 	if (count < file->size - file->pos)
 		length = count;
 	else
@@ -172,6 +191,9 @@ int dfs_romfs_open(struct dfs_fd *file)
 	root_dirent = (struct romfs_dirent *)file->fs->data;
+    if (check_dirent(dirent) != 0)
+        return -DFS_STATUS_EIO;
 	if (file->flags & (DFS_O_CREAT | DFS_O_WRONLY | DFS_O_APPEND | DFS_O_TRUNC | DFS_O_RDWR))
 		return -DFS_STATUS_EINVAL;
@@ -236,6 +258,8 @@ int dfs_romfs_getdents(struct dfs_fd *file, struct dirent *dirp, rt_uint32_t cou
 	struct romfs_dirent *dirent, *sub_dirent;
 	dirent = (struct romfs_dirent *)file->data;
+    if (check_dirent(dirent) != 0)
+        return -DFS_STATUS_EIO;
 	RT_ASSERT(dirent->type == ROMFS_DIRENT_DIR);
 	/* enter directory */