Module Name:    src
Committed By:   christos
Date:           Fri Jan 23 02:39:48 UTC 2015

Modified Files:
        src/sys/fs/msdosfs: msdosfs_vfsops.c

Log Message:
add some more paranoid checks about secsize and struct use.


To generate a diff of this commit:
cvs rdiff -u -r1.115 -r1.116 src/sys/fs/msdosfs/msdosfs_vfsops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/msdosfs/msdosfs_vfsops.c
diff -u src/sys/fs/msdosfs/msdosfs_vfsops.c:1.115 src/sys/fs/msdosfs/msdosfs_vfsops.c:1.116
--- src/sys/fs/msdosfs/msdosfs_vfsops.c:1.115	Fri Jul 18 13:24:34 2014
+++ src/sys/fs/msdosfs/msdosfs_vfsops.c	Thu Jan 22 21:39:48 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: msdosfs_vfsops.c,v 1.115 2014/07/18 17:24:34 maxv Exp $	*/
+/*	$NetBSD: msdosfs_vfsops.c,v 1.116 2015/01/23 02:39:48 christos Exp $	*/
 
 /*-
  * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@@ -48,7 +48,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.115 2014/07/18 17:24:34 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.116 2015/01/23 02:39:48 christos Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -510,6 +510,11 @@ msdosfs_mountfs(struct vnode *devvp, str
 	 * Read the boot sector of the filesystem, and then check the
 	 * boot signature.  If not a dos boot sector then error out.
 	 */
+	if (secsize < sizeof(*b50)) {
+		DPRINTF(("50 bootsec %u\n", secsize));
+		error = EINVAL;
+		goto error_exit;
+	}
 	if ((error = bread(devvp, 0, secsize, NOCRED, 0, &bp)) != 0)
 		goto error_exit;
 	bsp = (union bootsector *)bp->b_data;
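Review bot: The new guard compares secsize with `sizeof(*b50)`, which is the size of the BPB structure alone, while the buffer read just below is cast to `union bootsector *` and b50 presumably points at a BPB field some bytes into that union (the assignment is outside the hunk). A sector size that passes this check can therefore still be smaller than the offset plus the fields that are later parsed from on-disk, untrusted data. Comparing against the whole container, `if (secsize < sizeof(union bootsector)) {`, would bound every later access through bsp, b33, b50 and b710 in one place. The same gap applies to the `sizeof(*b33)` and `sizeof(*b710)` checks in the later hunks. msdosfs_mountfs begins and ends outside this hunk.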
@@ -551,6 +556,11 @@ msdosfs_mountfs(struct vnode *devvp, str
 		pmp->pm_HiddenSects = getulong(b50->bpbHiddenSecs);
 		pmp->pm_HugeSectors = getulong(b50->bpbHugeSectors);
 	} else {
+		if (secsize < sizeof(*b33)) {
+			DPRINTF(("33 bootsec %u\n", secsize));
+			error = EINVAL;
+			goto error_exit;
+		}
 		pmp->pm_HiddenSects = getushort(b33->bpbHiddenSecs);
 		pmp->pm_HugeSectors = pmp->pm_Sectors;
 	}
@@ -579,6 +589,11 @@ msdosfs_mountfs(struct vnode *devvp, str
 	}
 
 	if (pmp->pm_RootDirEnts == 0) {
+		if (secsize < sizeof(*b710)) {
+			DPRINTF(("710 bootsec %u\n", secsize));
+			error = EINVAL;
+			goto error_exit;
+		}
 		unsigned short FSVers = getushort(b710->bpbFSVers);
 		unsigned short ExtFlags = getushort(b710->bpbExtFlags);
 		/*
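Review bot: The DPRINTF text `710 bootsec %u\n` added here is identical to the one added in the `FAT32(pmp)` hunk further down, so a debug log cannot tell which of the two checks rejected the mount. Giving each site its own tag, for example `DPRINTF(("710 bootsec (FSVers) %u\n", secsize));` here and `DPRINTF(("710 bootsec (RootClust) %u\n", secsize));` below, keeps the diagnostics unambiguous. The four guards in this commit are also the same five lines repeated, so a small local macro taking the structure size and a label would remove the duplication. The enclosing block continues past the end of this hunk.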
@@ -650,6 +665,11 @@ msdosfs_mountfs(struct vnode *devvp, str
 
 	pmp->pm_fatblk = pmp->pm_ResSectors;
 	if (FAT32(pmp)) {
+		if (secsize < sizeof(*b710)) {
+			DPRINTF(("710 bootsec %u\n", secsize));
+			error = EINVAL;
+			goto error_exit;
+		}
 		pmp->pm_rootdirblk = getulong(b710->bpbRootClust);
 		pmp->pm_firstcluster = pmp->pm_fatblk
 			+ (pmp->pm_FATs * pmp->pm_FATsecs);
