Date: 30 Jun 2001 15:08:53 +0800 From: Jiangyi Liu <gzjyliu@public.guangzhou.gd.cn> To: hackers@FreeBSD.org Subject: [PATCH]FSInfo Validation in mountmsdosfs() Message-ID: <87vglela0q.fsf@fatcow.home>
next in thread | raw e-mail | index | archive | help
--=-=-=
Hi all,
In -current and -stable, mountmsdosfs() doesn't not check if
pm_nxtfree exceeds the max cluster in the file system. So if a corrupted
msdos filesystem(which is not uncommon) is written, the following code
in updatefats()@msdosfs_fat.c will generate an unpleasure panic. :)
u_long cn = pmp->pm_nxtfree;
if (pmp->pm_freeclustercount
&& (pmp->pm_inusemap[cn / N_INUSEBITS]
& (1 << (cn % N_INUSEBITS)))) { .... }
A patch of primitive validation for pm_nxtfree in
mountmsdosfs()@msdosfs_vfsops.c is attached in this mail. BTW, does
anyone know why fsck_msdos is missing in FreeBSD?
Cheers,
Jiangyi
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=msdosfs.diff
*** msdosfs_vfsops.c.orig Sat Jun 30 14:21:15 2001
--- msdosfs_vfsops.c Sat Jun 30 14:30:25 2001
***************
*** 681,686 ****
--- 681,692 ----
/*
* Check and validate (or perhaps invalidate?) the fsinfo structure? XXX
*/
+ if (pmp->pm_fsinfo && pmp->pm_nxtfree > pmp->pm_maxcluster) {
+ printf ("Next free cluster in FSInfo (%u) exceeds maxcluster (%u)\n",
+ pmp->pm_nxtfree, pmp->pm_maxcluster);
+ error = EINVAL;
+ goto error_exit;
+ }
/*
* Allocate memory for the bitmap of allocated clusters, and then
--=-=-=--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87vglela0q.fsf>