[src/trunk]: src/sbin/fsck_msdos From: http://marc.info/?l=openbsd-tech&m=140...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a10055d182ed
branches:  trunk
changeset: 330404:a10055d182ed
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Jul 07 19:04:37 2014 +0000

description:
From: http://marc.info/?l=openbsd-tech&m=140354518512871&w=2
more consistency checks

diffstat:

 sbin/fsck_msdos/boot.c |  22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diffs (63 lines):

diff -r 507935d30d2b -r a10055d182ed sbin/fsck_msdos/boot.c
--- a/sbin/fsck_msdos/boot.c    Mon Jul 07 18:46:45 2014 +0000
+++ b/sbin/fsck_msdos/boot.c    Mon Jul 07 19:04:37 2014 +0000
@@ -1,4 +1,3 @@
-/*     $NetBSD: boot.c,v 1.15 2009/04/11 07:14:50 lukem Exp $  */
 
 /*
  * Copyright (C) 1995, 1997 Wolfgang Solfrank
@@ -28,11 +27,12 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: boot.c,v 1.15 2009/04/11 07:14:50 lukem Exp $");
+__RCSID("$NetBSD: boot.c,v 1.16 2014/07/07 19:04:37 christos Exp $");
 #endif /* not lint */
 
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
 #include <stdio.h>
 #include <unistd.h>
 
@@ -64,8 +64,16 @@
        /* decode bios parameter block */
        boot->BytesPerSec = block[11] + (block[12] << 8);
        boot->SecPerClust = block[13];
+       if (boot->SecPerClust == 0 || popcount(boot->SecPerClust) != 1) {
+               pfatal("Invalid cluster size: %u\n", boot->SecPerClust);
+               return FSFATAL;
+       }
        boot->ResSectors = block[14] + (block[15] << 8);
        boot->FATs = block[16];
+       if (boot->FATs == 0) {
+               pfatal("Invalid number of FATs: %u\n", boot->FATs);
+               return FSFATAL;
+       }
        boot->RootDirEnts = block[17] + (block[18] << 8);
        boot->Sectors = block[19] + (block[20] << 8);
        boot->Media = block[21];
@@ -171,6 +179,10 @@
                }
                /* Check backup FSInfo?                                 XXX */
        }
+       if (boot->FATsecs == 0) {
+               pfatal("Invalid number of FAT sectors: %u\n", boot->FATsecs);
+               return FSFATAL;
+       }
 
        boot->ClusterOffset = (boot->RootDirEnts * 32 + boot->BytesPerSec - 1)
            / boot->BytesPerSec
@@ -193,6 +205,12 @@
                boot->NumSectors = boot->HugeSectors;
        boot->NumClusters = (boot->NumSectors - boot->ClusterOffset) / boot->SecPerClust;
 
+       if (boot->ClusterOffset > boot->NumSectors) {
+               pfatal("Cluster offset too large (%u clusters)\n",
+                   boot->ClusterOffset);
+               return FSFATAL;
+       }
+
        if (boot->flags&FAT32)
                boot->ClustMask = CLUST32_MASK;
        else if (boot->NumClusters < (CLUST_RSRVD&CLUST12_MASK))