Fix for CVE-2018-15671. h5stat -S $POC will result in a crash with segmenetation fault. (#3427)

It is because the object in the testfile points back to the root group.
When the tool tries to traverse the object, it goes back to the root group and then back again.

2 files changed, 2 insertions, 16 deletions

diff --git a/tools/src/h5dump/h5dump_ddl.c b/tools/src/h5dump/h5dump_ddl.c
index 8a02a49..adc8585 100644
--- a/tools/src/h5dump/h5dump_ddl.c
+++ b/tools/src/h5dump/h5dump_ddl.c
@@ -853,10 +853,7 @@ dump_group(hid_t gid, const char *name)
 
     H5Oget_info3(gid, &oinfo, H5O_INFO_BASIC);
 
-    /* Must check for uniqueness of all objects if we've traversed an elink,
-     * otherwise only check if the reference count > 1.
-     */
-    if (oinfo.rc > 1 || hit_elink) {
+    {
         obj_t *found_obj; /* Found object */
 
         found_obj = search_obj(group_table, &oinfo.token);
@@ -880,10 +877,6 @@ dump_group(hid_t gid, const char *name)
             link_iteration(gid, crt_order_flags);
         }
     }
-    else {
-        attr_iteration(gid, attr_crt_order_flags);
-        link_iteration(gid, crt_order_flags);
-    }
 
     dump_indent -= COL;
     ctx.indent_level--;
diff --git a/tools/testfiles/tgroup-2.ddl b/tools/testfiles/tgroup-2.ddl
index 2ac8ac6..5374742 100644
--- a/tools/testfiles/tgroup-2.ddl
+++ b/tools/testfiles/tgroup-2.ddl
@@ -17,14 +17,7 @@ GROUP "/" {
       }
    }
    GROUP "g2" {
-      GROUP "g2.1" {
-         GROUP "g2.1.1" {
-         }
-         GROUP "g2.1.2" {
-         }
-         GROUP "g2.1.3" {
-         }
-      }
+      HARDLINK "/g2"
    }
    GROUP "g3" {
       GROUP "g3.1" {