Prevent self referential dir

* Found by fuzzer, prevent stack overflow of a self referential dir
wcampbell0x2a · Nov 19, 2024 · c306fd9 · c306fd9
1 parent 97d5a08
commit c306fd9
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/backhand/src/squashfs.rs b/backhand/src/squashfs.rs
@@ -519,8 +519,7 @@ impl<'b> Squashfs<'b> {
             for d in &dirs {
                 trace!("extracting entry: {:#?}", d.dir_entries);
                 for entry in &d.dir_entries {
-                    let Ok(inode_key) = (d.inode_num as i32 + entry.inode_offset as i32).try_into()
-                    else {
+                    let Ok(inode_key) = (d.inode_num as i32 + entry.inode_offset as i32).try_into() else {
                         return Err(BackhandError::CorruptedOrInvalidSquashfs);
                     };
                     let Some(found_inode) = &self.inodes.get(&inode_key) else {
@@ -533,6 +532,10 @@ impl<'b> Squashfs<'b> {
                         // BasicDirectory, ExtendedDirectory
                         InodeId::BasicDirectory | InodeId::ExtendedDirectory => {
                             // its a dir, extract all children inodes
+                            if *found_inode == dir_inode {
+                                error!("self referential dir to already read inode");
+                                return Err(BackhandError::UnexpectedInode(dir_inode.inner.clone()));
+                            }
                             self.extract_dir(fullpath, root, found_inode, &self.id)?;
                             InnerNode::Dir(SquashfsDir::default())
                         }