From owner-svn-src-all@FreeBSD.ORG Fri Apr 2 15:22:23 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A61581065672; Fri, 2 Apr 2010 15:22:23 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 95E2C8FC16; Fri, 2 Apr 2010 15:22:23 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o32FMNFZ095468; Fri, 2 Apr 2010 15:22:23 GMT (envelope-from avg@svn.freebsd.org) Received: (from avg@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o32FMNgu095467; Fri, 2 Apr 2010 15:22:23 GMT (envelope-from avg@svn.freebsd.org) Message-Id: <201004021522.o32FMNgu095467@svn.freebsd.org> From: Andriy Gapon Date: Fri, 2 Apr 2010 15:22:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r206098 - head/sys/fs/msdosfs X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Apr 2010 15:22:23 -0000 Author: avg Date: Fri Apr 2 15:22:23 2010 New Revision: 206098 URL: http://svn.freebsd.org/changeset/base/206098 Log: mountmsdosfs: reject too high value of bytes per cluster Bytes per cluster are calcuated as bytes per sector times sectors per cluster. Too high value can overflow an internal variable with type that can hold only values in valid range. Trying to use a wider type results in an attempt to read more than MAXBSIZE at once, a panic. Unfortunately, it is FreeBSD newfs_msdos that produces filesystems with invalid parameters for certain types of media. Reported by: Fabian Keil , Paul B. Mahol Discussed with: bde, kib MFC after: 1 week X-ToDo: fix newfs_msdos Modified: head/sys/fs/msdosfs/msdosfs_vfsops.c Modified: head/sys/fs/msdosfs/msdosfs_vfsops.c ============================================================================== --- head/sys/fs/msdosfs/msdosfs_vfsops.c Fri Apr 2 15:12:31 2010 (r206097) +++ head/sys/fs/msdosfs/msdosfs_vfsops.c Fri Apr 2 15:22:23 2010 (r206098) @@ -580,6 +580,7 @@ mountmsdosfs(struct vnode *devvp, struct || (pmp->pm_BytesPerSec & (pmp->pm_BytesPerSec - 1)) || (pmp->pm_HugeSectors == 0) || (pmp->pm_FATsecs == 0) + || (SecPerClust * pmp->pm_BlkPerSec > MAXBSIZE / DEV_BSIZE) ) { error = EINVAL; goto error_exit;