Module Name: src Committed By: martin Date: Mon Jul 31 15:50:36 UTC 2023
Modified Files: src/sys/fs/hfs [netbsd-8]: libhfs.c libhfs.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1865): sys/fs/hfs/libhfs.h: revision 1.9 sys/fs/hfs/libhfs.c: revision 1.16 sys/fs/hfs/libhfs.c: revision 1.17 fs/hfs: Avoid buffer overrun in hfslib_reada_node_offsets. fs/hfs: Avoid undefined pointer arith in hfslib_reada_node_offsets. To generate a diff of this commit: cvs rdiff -u -r1.14.10.1 -r1.14.10.2 src/sys/fs/hfs/libhfs.c cvs rdiff -u -r1.7 -r1.7.10.1 src/sys/fs/hfs/libhfs.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/fs/hfs/libhfs.c
diff -u src/sys/fs/hfs/libhfs.c:1.14.10.1 src/sys/fs/hfs/libhfs.c:1.14.10.2
--- src/sys/fs/hfs/libhfs.c:1.14.10.1 Sat Apr 1 16:34:04 2023
+++ src/sys/fs/hfs/libhfs.c Mon Jul 31 15:50:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: libhfs.c,v 1.14.10.1 2023/04/01 16:34:04 martin Exp $ */
+/* $NetBSD: libhfs.c,v 1.14.10.2 2023/07/31 15:50:36 martin Exp $ */
/*-
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@@ -47,7 +47,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: libhfs.c,v 1.14.10.1 2023/04/01 16:34:04 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: libhfs.c,v 1.14.10.2 2023/07/31 15:50:36 martin Exp $");
#include "libhfs.h"
@@ -1477,7 +1477,7 @@ hfslib_reada_node(void* in_bytes,
HFS_LIBERR("could not allocate node records");
last_bytes_read = hfslib_reada_node_offsets((uint8_t*)in_bytes + nodesize -
- numrecords * sizeof(uint16_t), rec_offsets);
+ numrecords * sizeof(uint16_t), rec_offsets, numrecords);
if (last_bytes_read == 0)
HFS_LIBERR("could not read node record offsets");
@@ -1566,7 +1566,8 @@ exit:
* in reverse order. Does not read the free space offset.
*/
size_t
-hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array)
+hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array,
+ uint16_t numrecords)
{
void* ptr;
@@ -1581,11 +1582,11 @@ hfslib_reada_node_offsets(void* in_bytes
* offset=14, we know this is the last offset. In this way, we don't need
* to know the number of records beforehand.
*/
- out_offset_array--;
do {
- out_offset_array++;
+ if (numrecords-- == 0)
+ return 0;
*out_offset_array = be16tohp(&ptr);
- } while (*out_offset_array != (uint16_t)14);
+ } while (*out_offset_array++ != (uint16_t)14);
return ((uint8_t*)ptr - (uint8_t*)in_bytes);
}
Index: src/sys/fs/hfs/libhfs.h
diff -u src/sys/fs/hfs/libhfs.h:1.7 src/sys/fs/hfs/libhfs.h:1.7.10.1
--- src/sys/fs/hfs/libhfs.h:1.7 Sun Jun 21 14:00:40 2015
+++ src/sys/fs/hfs/libhfs.h Mon Jul 31 15:50:36 2023
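Review bot: At the `hfslib_reada_node_offsets` call in hfslib_reada_node, the start address `(uint8_t*)in_bytes + nodesize - numrecords * sizeof(uint16_t)` is still formed without any visible check that the offset table fits inside the node. The new third argument bounds how many entries are written, but if `numrecords` is taken from the on-disk node descriptor (presumably; its assignment is outside this hunk) and `numrecords * sizeof(uint16_t)` exceeds `nodesize`, the pointer lands before `in_bytes` and the reads begin outside the buffer. Unless the part of the function not shown here already rejects that case, add a guard before the call, for example `if (numrecords * sizeof(uint16_t) > nodesize) HFS_LIBERR("node record count exceeds node size");`.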
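Review bot: The header comment above `hfslib_reada_node_offsets` (it begins outside this hunk) is not updated for the new `numrecords` parameter or for the new failure return. Callers need to know that the third argument is the capacity of `out_offset_array` in entries and that 0 now means "ran out of entries before the terminating offset was seen". I would append something like `numrecords is the number of entries out_offset_array can hold; returns 0 if no offset equal to 14 is found within that many entries.` to that comment.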
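Review bot: The rewritten `do`/`while` loop bounds the writes, but it still returns success as soon as any entry equals 14, even if fewer than `numrecords` entries were stored. On a malformed node where 14 appears early, the tail of `out_offset_array` is left unwritten; the caller's use of it is outside this hunk, but it presumably walks all `numrecords` entries. If a well-formed node always ends its table with 14 in the last slot, rejecting early termination after the loop with `if (numrecords != 0) return 0;` would close that gap. The comment just above the loop also still says `we don't need to know the number of records beforehand`, which no longer matches a function that takes the count, and the side effects inside `numrecords-- == 0` and `*out_offset_array++ != (uint16_t)14` deserve a one-line comment.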
@@ -1,4 +1,4 @@
-/* $NetBSD: libhfs.h,v 1.7 2015/06/21 14:00:40 maxv Exp $ */
+/* $NetBSD: libhfs.h,v 1.7.10.1 2023/07/31 15:50:36 martin Exp $ */
/*-
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@@ -591,7 +591,7 @@ size_t hfslib_read_master_directory_bloc
hfs_hfs_master_directory_block_t*);
size_t hfslib_reada_node(void*, hfs_node_descriptor_t*, void***, uint16_t**,
hfs_btree_file_type, hfs_volume*, hfs_callback_args*);
-size_t hfslib_reada_node_offsets(void*, uint16_t*);
+size_t hfslib_reada_node_offsets(void*, uint16_t*, uint16_t);
size_t hfslib_read_header_node(void**, uint16_t*, uint16_t,
hfs_header_record_t*, void*, void*);
size_t hfslib_read_catalog_keyed_record(void*, hfs_catalog_keyed_record_t*,