From owner-svn-src-head@freebsd.org Mon Aug 28 20:52:33 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62BC1E13CAD; Mon, 28 Aug 2017 20:52:33 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 284A063DA4; Mon, 28 Aug 2017 20:52:33 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v7SKqWkm039473; Mon, 28 Aug 2017 20:52:32 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v7SKqWqm039472; Mon, 28 Aug 2017 20:52:32 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201708282052.v7SKqWqm039472@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Mon, 28 Aug 2017 20:52:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r322982 - head/sys/fs/msdosfs X-SVN-Group: head X-SVN-Commit-Author: kib X-SVN-Commit-Paths: head/sys/fs/msdosfs X-SVN-Commit-Revision: 322982 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Aug 2017 20:52:33 -0000 Author: kib Date: Mon Aug 28 20:52:32 2017 New Revision: 322982 URL: https://svnweb.freebsd.org/changeset/base/322982 Log: Verify that the BPB media descriptor and FAT ID match. FAT specification requires that for valid FAT, FAT cluster 0 has a specific value derived from the BPB media descriptor. The lowest (little-endian) byte must be equal to bpb.bpbMedia, other bits in the cluster number must be all 1's. Implement the check to reduce the chance of the randomly corrupted FAT to pass the mount attempt. Submitted by: Siva Mahadevan MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D12124 Modified: head/sys/fs/msdosfs/msdosfs_fat.c Modified: head/sys/fs/msdosfs/msdosfs_fat.c ============================================================================== --- head/sys/fs/msdosfs/msdosfs_fat.c Mon Aug 28 20:00:21 2017 (r322981) +++ head/sys/fs/msdosfs/msdosfs_fat.c Mon Aug 28 20:52:32 2017 (r322982) @@ -908,19 +908,17 @@ fillinusemap(struct msdosfsmount *pmp) * zero. These represent free clusters. */ pmp->pm_freeclustercount = 0; - for (cn = CLUST_FIRST; cn <= pmp->pm_maxcluster; cn++) { + for (cn = 0; cn <= pmp->pm_maxcluster; cn++) { byteoffset = FATOFS(pmp, cn); bo = byteoffset % pmp->pm_fatblocksize; - if (!bo || !bp) { + if (bo == 0) { /* Read new FAT block */ - if (bp) + if (bp != NULL) brelse(bp); fatblock(pmp, byteoffset, &bn, &bsize, NULL); error = bread(pmp->pm_devvp, bn, bsize, NOCRED, &bp); - if (error) { - brelse(bp); + if (error != 0) return (error); - } } if (FAT32(pmp)) readcn = getulong(&bp->b_data[bo]); @@ -930,7 +928,19 @@ fillinusemap(struct msdosfsmount *pmp) readcn >>= 4; readcn &= pmp->pm_fatmask; - if (readcn == CLUST_FREE) + /* + * Check if the FAT ID matches the BPB's media descriptor and + * all other bits are set to 1. + */ + if (cn == 0 && readcn != ((pmp->pm_fatmask & 0xffffff00) | + pmp->pm_bpb.bpbMedia)) { +#ifdef MSDOSFS_DEBUG + printf("mountmsdosfs(): Media descriptor in BPB" + "does not match FAT ID\n"); +#endif + brelse(bp); + return (EINVAL); + } else if (readcn == CLUST_FREE) usemap_free(pmp, cn); } if (bp != NULL)