From owner-svn-src-head@freebsd.org Wed Sep 23 06:52:23 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A498D3F0884; Wed, 23 Sep 2020 06:52:23 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bx84R3yz3z4Nhh; Wed, 23 Sep 2020 06:52:23 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6BA48C91A; Wed, 23 Sep 2020 06:52:23 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 08N6qNh3070063; Wed, 23 Sep 2020 06:52:23 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 08N6qNsa070062; Wed, 23 Sep 2020 06:52:23 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <202009230652.08N6qNsa070062@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 23 Sep 2020 06:52:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r366064 - head/sbin/fsck_msdosfs X-SVN-Group: head X-SVN-Commit-Author: delphij X-SVN-Commit-Paths: head/sbin/fsck_msdosfs X-SVN-Commit-Revision: 366064 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 06:52:23 -0000 Author: delphij Date: Wed Sep 23 06:52:22 2020 New Revision: 366064 URL: https://svnweb.freebsd.org/changeset/base/366064 Log: sbin/fsck_msdosfs: Fix an integer overflow on 32-bit platforms. The purpose of checksize() is to verify that the referenced cluster chain size matches the recorded file size (up to 2^32 - 1) in the directory entry. We follow the cluster chain, then multiple the cluster count by bytes per cluster to get the physical size, then check it against the recorded size. When a file is close to 4 GiB (between 4GiB - cluster size and 4GiB, both non-inclusive), the product of cluster count and bytes per cluster would be exactly 4 GiB. On 32-bit systems, because size_t is 32-bit, this would wrap back to 0, which will cause the file be truncated to 0. Fix this by using 64-bit physicalSize instead. This fix is inspired by an Android change request at https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/1428461 PR: 249533 Reviewed by: kevlo MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D26524 Modified: head/sbin/fsck_msdosfs/dir.c Modified: head/sbin/fsck_msdosfs/dir.c ============================================================================== --- head/sbin/fsck_msdosfs/dir.c Wed Sep 23 04:09:02 2020 (r366063) +++ head/sbin/fsck_msdosfs/dir.c Wed Sep 23 06:52:22 2020 (r366064) @@ -388,7 +388,8 @@ static int checksize(struct fat_descriptor *fat, u_char *p, struct dosDirEntry *dir) { int ret = FSOK; - size_t physicalSize; + size_t chainsize; + u_int64_t physicalSize; struct bootblock *boot; boot = fat_get_boot(fat); @@ -401,9 +402,9 @@ checksize(struct fat_descriptor *fat, u_char *p, struc } else { if (!fat_is_valid_cl(fat, dir->head)) return FSERROR; - ret = checkchain(fat, dir->head, &physicalSize); + ret = checkchain(fat, dir->head, &chainsize); /* - * Upon return, physicalSize would hold the chain length + * Upon return, chainsize would hold the chain length * that checkchain() was able to validate, but if the user * refused the proposed repair, it would be unsafe to * proceed with directory entry fix, so bail out in that @@ -412,7 +413,13 @@ checksize(struct fat_descriptor *fat, u_char *p, struc if (ret == FSERROR) { return (FSERROR); } - physicalSize *= boot->ClusterSize; + /* + * The maximum file size on FAT32 is 4GiB - 1, which + * will occupy a cluster chain of exactly 4GiB in + * size. On 32-bit platforms, since size_t is 32-bit, + * it would wrap back to 0. + */ + physicalSize = (u_int64_t)chainsize * boot->ClusterSize; } if (physicalSize < dir->size) { pwarn("size of %s is %u, should at most be %zu\n",