[PATCH 0/6] squashfs: harden against crafted metadata
Ahmad Fatoum
a.fatoum at pengutronix.de
Tue Jul 16 23:33:22 PDT 2024

Richard reports[1] that barebox is susceptible to a number of memory safety
issues when parsing crafted squashfs files, which have been fixed in the
upstream Linux implementation in the meantime.

Import the mentioned commits from Linux to fix this:

  01cfb7937a9af ("squashfs: be more careful about metadata corruption")
  d512584780d3e ("squashfs: more metadata hardening")
  cdbb65c4c7ead ("squashfs metadata 2: electric boogaloo")
  71755ee5350b6 ("squashfs: more metadata hardening")
  a3f94cb99a854 ("Squashfs: Compute expected length from inode size rather than block length")

A full synchronization of the squashfs code is probably also in order,
e.g. to support block sizes other than the default 128K, but
cherry-picking these changes is quite straightforward, so let's do that
now.

[1]: https://lore.barebox.org/barebox/2572594.vzjCzTo3RI@somecomputer/

Ahmad Fatoum (6):
  squashfs: be more careful about metadata corruption
  squashfs: more metadata hardening
  squashfs metadata 2: electric boogaloo
  squashfs: more metadata hardening
  Squashfs: Compute expected length from inode size rather than block
    length
  squashfs: refuse mount of squashfs images with non-128K block size

 fs/squashfs/Kconfig          |  5 +---
 fs/squashfs/block.c          |  2 ++
 fs/squashfs/cache.c          |  3 ++
 fs/squashfs/file.c           | 57 ++++++++++++++++++++++--------------
 fs/squashfs/file_cache.c     |  7 +++--
 fs/squashfs/fragment.c       | 17 ++++++-----
 fs/squashfs/squashfs.h       |  4 +--
 fs/squashfs/squashfs_fs.h    | 11 +++++++
 fs/squashfs/squashfs_fs_sb.h |  1 +
 fs/squashfs/super.c          | 12 ++++++--
 10 files changed, 79 insertions(+), 40 deletions(-)

--
2.39.2