From nobody Mon Oct 4 22:18:00 2021 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 26FBC12D542A; Mon, 4 Oct 2021 22:18:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HNZpx0Rklz4r1W; Mon, 4 Oct 2021 22:18:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DED5D20E63; Mon, 4 Oct 2021 22:18:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 194MI0Nk093983; Mon, 4 Oct 2021 22:18:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 194MI0he093982; Mon, 4 Oct 2021 22:18:00 GMT (envelope-from git) Date: Mon, 4 Oct 2021 22:18:00 GMT Message-Id: <202110042218.194MI0he093982@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: f0a08fa9f532 - main - geom_label: Add more validation for NTFS volume tasting List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f0a08fa9f532a58f5d7a4814d6eb7ddd49f368da Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=f0a08fa9f532a58f5d7a4814d6eb7ddd49f368da commit f0a08fa9f532a58f5d7a4814d6eb7ddd49f368da Author: Mark Johnston AuthorDate: 2021-10-04 21:48:44 +0000 Commit: Mark Johnston CommitDate: 2021-10-04 22:15:06 +0000 geom_label: Add more validation for NTFS volume tasting - Ensure that the computed MFT record size isn't negative or larger than maxphys before trying to read $Volume. - Guard against truncated records in volume metadata. - Ensure that the record length is large enough to contain the volume name. - Verify that the (UTF-16-encoded) volume name's length is a multiple of two. PR: 258833, 258914 MFC after: 2 weeks Sponsored by: The FreeBSD Foundation --- sys/geom/label/g_label_ntfs.c | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/sys/geom/label/g_label_ntfs.c b/sys/geom/label/g_label_ntfs.c index f78d4d28b967..888096164b09 100644 --- a/sys/geom/label/g_label_ntfs.c +++ b/sys/geom/label/g_label_ntfs.c @@ -99,7 +99,8 @@ g_label_ntfs_taste(struct g_consumer *cp, char *label, size_t size) struct ntfs_filerec *fr; struct ntfs_attr *atr; off_t voloff; - char *filerecp, *ap; + size_t recoff; + char *filerecp; int8_t mftrecsz; char vnchar; int recsize, j; @@ -119,8 +120,9 @@ g_label_ntfs_taste(struct g_consumer *cp, char *label, size_t size) goto done; mftrecsz = bf->bf_mftrecsz; - recsize = (mftrecsz > 0) ? (mftrecsz * bf->bf_bps * bf->bf_spc) : (1 << -mftrecsz); - if (recsize == 0 || recsize % pp->sectorsize != 0) + recsize = (mftrecsz > 0) ? (mftrecsz * bf->bf_bps * bf->bf_spc) : + (1 << -mftrecsz); + if (recsize <= 0 || recsize > maxphys || recsize % pp->sectorsize != 0) goto done; voloff = bf->bf_mftcn * bf->bf_spc * bf->bf_bps + @@ -132,24 +134,33 @@ g_label_ntfs_taste(struct g_consumer *cp, char *label, size_t size) if (filerecp == NULL) goto done; fr = (struct ntfs_filerec *)filerecp; - if (fr->fr_hdrmagic != NTFS_FILEMAGIC) goto done; - for (ap = filerecp + fr->fr_attroff; - atr = (struct ntfs_attr *)ap, atr->a_type != -1; - ap += atr->reclen) { + for (recoff = fr->fr_attroff; + recoff <= recsize - 2 * sizeof(uint32_t); + recoff += atr->reclen) { + atr = (struct ntfs_attr *)(filerecp + recoff); + if (atr->a_type == -1) + break; + if (atr->reclen < sizeof(*atr)) + break; + if (recsize - recoff < atr->reclen) + break; if (atr->a_type == NTFS_A_VOLUMENAME) { - if(atr->a_datalen >= size *2){ - label[0] = 0; - goto done; - } + if (atr->a_dataoff > atr->reclen || + atr->a_datalen > atr->reclen - atr->a_dataoff) + break; + /* - *UNICODE to ASCII. + * UNICODE to ASCII. * Should we need to use iconv(9)? */ + if (atr->a_datalen >= size * 2 || + atr->a_datalen % 2 != 0) + break; for (j = 0; j < atr->a_datalen; j++) { - vnchar = *(ap + atr->a_dataoff + j); + vnchar = ((char *)atr)[atr->a_dataoff + j]; if (j & 1) { if (vnchar) { label[0] = 0;