From 0a170443045c2fb252324fabb929f7beb0e2f24e Mon Sep 17 00:00:00 2001
From: wcampbell
Date: Mon, 18 Nov 2024 17:30:52 -0500
Subject: [PATCH] Prevent self referential dir

* Found by fuzzer, prevent stack overflow of a self referential dir
---
 backhand/src/squashfs.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/backhand/src/squashfs.rs b/backhand/src/squashfs.rs
index af2e90e8..4156ada5 100644
--- a/backhand/src/squashfs.rs
+++ b/backhand/src/squashfs.rs
@@ -519,8 +519,7 @@ impl<'b> Squashfs<'b> {
 for d in &dirs {
 trace!("extracting entry: {:#?}", d.dir_entries);
 for entry in &d.dir_entries {
- let Ok(inode_key) = (d.inode_num as i32 + entry.inode_offset as i32).try_into()
- else {
+ let Ok(inode_key) = (d.inode_num as i32 + entry.inode_offset as i32).try_into() else {
 return Err(BackhandError::CorruptedOrInvalidSquashfs);
 };
 let Some(found_inode) = &self.inodes.get(&inode_key) else {
@@ -533,6 +532,10 @@ impl<'b> Squashfs<'b> {
 // BasicDirectory, ExtendedDirectory
 InodeId::BasicDirectory | InodeId::ExtendedDirectory => {
 // its a dir, extract all children inodes
+ if *found_inode == dir_inode {
+ error!("self referential dir to already read inode");
+ return Err(BackhandError::UnexpectedInode(dir_inode.inner.clone()));
+ }
 self.extract_dir(fullpath, root, found_inode, &self.id)?;
 InnerNode::Dir(SquashfsDir::default())
 }
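Review bot: The new guard `if *found_inode == dir_inode` in the second hunk only rejects a directory whose entry resolves to the directory currently being extracted. A corrupted image where directory A lists B and B lists A, or any longer loop, would still reach `self.extract_dir(fullpath, root, found_inode, &self.id)?` and recurse without bound. Because this path parses untrusted images and the original crash was fuzzer-found, consider tracking the inode numbers already on the current extraction path, or capping recursion depth, and returning `BackhandError::UnexpectedInode` when one repeats. At minimum the guard deserves a comment such as `// only detects a direct self-reference; longer directory cycles are not caught here`. `extract_dir`'s signature and the rest of its body are outside the hunk, so an existing visited-set or depth limit elsewhere cannot be ruled out from this view.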