To: hackers@FreeBSD.org
Subject: [PATCH]FSInfo Validation in mountmsdosfs()
From: Jiangyi Liu
Date: 30 Jun 2001 15:08:53 +0800
Message-ID: <87vglela0q.fsf@fatcow.home>

Hi all,

In -current and -stable, mountmsdosfs() doesn't check if pm_nxtfree exceeds the max cluster in the file system. So if a corrupted msdos filesystem (which is not uncommon) is written, the following code in updatefats()@msdosfs_fat.c will generate an unpleasant panic. :)

    u_long cn = pmp->pm_nxtfree;

    if (pmp->pm_freeclustercount
        && (pmp->pm_inusemap[cn / N_INUSEBITS] & (1 << (cn % N_INUSEBITS)))) {
        ....
    }

A patch of primitive validation for pm_nxtfree in mountmsdosfs()@msdosfs_vfsops.c is attached in this mail.

BTW, does anyone know why fsck_msdos is missing in FreeBSD?
Cheers, Jiangyi --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=msdosfs.diff *** msdosfs_vfsops.c.orig Sat Jun 30 14:21:15 2001 --- msdosfs_vfsops.c Sat Jun 30 14:30:25 2001 *************** *** 681,686 **** --- 681,692 ---- /* * Check and validate (or perhaps invalidate?) the fsinfo structure? XXX */ + if (pmp->pm_fsinfo && pmp->pm_nxtfree > pmp->pm_maxcluster) { + printf ("Next free cluster in FSInfo (%u) exceeds maxcluster (%u)\n", + pmp->pm_nxtfree, pmp->pm_maxcluster); + error = EINVAL; + goto error_exit; + } /* * Allocate memory for the bitmap of allocated clusters, and then --=-=-=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
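
Review bot: The added `if` bounds pm_nxtfree only from above and then refuses the mount with `error = EINVAL; goto error_exit;`, which is stricter than the problem requires. The next-free value in FSInfo is only an allocation hint, so a volume whose hint is stale would become unmountable even though its FAT may be intact; as the comment just above the added lines already asks ("or perhaps invalidate?"), consider resetting pm_nxtfree to the first data cluster (or clearing pm_fsinfo) and continuing with the mount. Clusters 0 and 1 are reserved in FAT, so a value below 2 deserves the same treatment as one above pm_maxcluster. Minor: if pm_nxtfree is a u_long, like the `cn` it is assigned to in updatefats(), the `%u` conversions should be `%lu` with matching argument types, and style(9) puts no space in `printf (`.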
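
The validation the message asks for, as a stand-alone userland C example that is added here and is not part of the posted patch or of FreeBSD's msdosfs code. It goes beyond the patch by also checking the lower bound and the free-cluster count, and by falling back to safe values instead of failing; fsinfo_check(), make_fsinfo() and struct fsi_hint are hypothetical names, and the offsets are those of the FAT32 FSInfo sector.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FSI_LEAD_SIG   0x41615252u /* "RRaA", offset 0 */
#define FSI_STRUCT_SIG 0x61417272u /* "rrAa", offset 484 */
#define FSI_UNKNOWN    0xFFFFFFFFu /* field not maintained */
#define CLUST_FIRST    2u          /* clusters 0 and 1 are reserved */

struct fsi_hint { int usable; uint32_t nfree, next; }; /* hypothetical */

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Sanitize FSInfo hints; caller guarantees maxcluster >= CLUST_FIRST. */
struct fsi_hint fsinfo_check(const uint8_t *sec, uint32_t maxcluster) {
    struct fsi_hint h = { 0, FSI_UNKNOWN, CLUST_FIRST };
    if (le32(sec) != FSI_LEAD_SIG || le32(sec + 484) != FSI_STRUCT_SIG)
        return h;                 /* no valid FSInfo: ignore it entirely */
    h.usable = 1;
    h.nfree = le32(sec + 488);
    h.next = le32(sec + 492);
    /* The free count cannot exceed the number of data clusters. */
    if (h.nfree != FSI_UNKNOWN && h.nfree > maxcluster - CLUST_FIRST + 1)
        h.nfree = FSI_UNKNOWN;
    /* The hint must name a data cluster, or it would index past the in-use bitmap. */
    if (h.next < CLUST_FIRST || h.next > maxcluster)
        h.next = CLUST_FIRST;
    return h;
}

/* Build a constructed 512-byte FSInfo sector (sample data, not from a real disk). */
void make_fsinfo(uint8_t *sec, uint32_t nfree, uint32_t next) {
    memset(sec, 0, 512);
    put32(sec, FSI_LEAD_SIG);
    put32(sec + 484, FSI_STRUCT_SIG);
    put32(sec + 488, nfree);
    put32(sec + 492, next);
}

int main(void) {
    uint8_t sec[512];
    make_fsinfo(sec, 100, 5000);          /* hint beyond a 1000-cluster volume */
    struct fsi_hint h = fsinfo_check(sec, 1000);
    printf("usable=%d nfree=%u next=%u\n", h.usable, (unsigned)h.nfree, (unsigned)h.next);
    return 0;
}
```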