Pull up following revision(s) (requested by riastradh in ticket #1682):
sys/fs/hfs/libhfs.h: revision 1.9 sys/fs/hfs/libhfs.c: revision 1.16 sys/fs/hfs/libhfs.c: revision 1.17 fs/hfs: Avoid buffer overrun in hfslib_reada_node_offsets. fs/hfs: Avoid undefined pointer arith in hfslib_reada_node_offsets.
This commit is contained in:
martin
parent
0924c9f419
commit
348fbe9996
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: libhfs.c,v 1.15 2018/12/30 22:40:00 sevan Exp $ */
|
||||
/* $NetBSD: libhfs.c,v 1.15.4.1 2023/07/31 15:49:04 martin Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
|
||||
|
|
@ -47,7 +47,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: libhfs.c,v 1.15 2018/12/30 22:40:00 sevan Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: libhfs.c,v 1.15.4.1 2023/07/31 15:49:04 martin Exp $");
|
||||
|
||||
#include "libhfs.h"
|
||||
|
||||
|
|
@ -1477,7 +1477,7 @@ hfslib_reada_node(void* in_bytes,
|
|||
HFS_LIBERR("could not allocate node records");
|
||||
|
||||
last_bytes_read = hfslib_reada_node_offsets((uint8_t*)in_bytes + nodesize -
|
||||
numrecords * sizeof(uint16_t), rec_offsets);
|
||||
numrecords * sizeof(uint16_t), rec_offsets, numrecords);
|
||||
if (last_bytes_read == 0)
|
||||
HFS_LIBERR("could not read node record offsets");
|
||||
|
||||
|
|
@ -1566,7 +1566,8 @@ exit:
|
|||
* in reverse order. Does not read the free space offset.
|
||||
*/
|
||||
size_t
|
||||
hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array)
|
||||
hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array,
|
||||
uint16_t numrecords)
|
||||
{
|
||||
void* ptr;
|
||||
|
||||
|
|
@ -1581,11 +1582,11 @@ hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array)
|
|||
* offset=14, we know this is the last offset. In this way, we don't need
|
||||
* to know the number of records beforehand.
|
||||
*/
|
||||
out_offset_array--;
|
||||
do {
|
||||
out_offset_array++;
|
||||
if (numrecords-- == 0)
|
||||
return 0;
|
||||
*out_offset_array = be16tohp(&ptr);
|
||||
} while (*out_offset_array != (uint16_t)14);
|
||||
} while (*out_offset_array++ != (uint16_t)14);
|
||||
|
||||
return ((uint8_t*)ptr - (uint8_t*)in_bytes);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: libhfs.h,v 1.8 2019/01/05 10:25:11 maya Exp $ */
|
||||
/* $NetBSD: libhfs.h,v 1.8.4.1 2023/07/31 15:49:04 martin Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
|
||||
|
|
@ -585,7 +585,7 @@ size_t hfslib_read_master_directory_block(void*,
|
|||
hfs_hfs_master_directory_block_t*);
|
||||
size_t hfslib_reada_node(void*, hfs_node_descriptor_t*, void***, uint16_t**,
|
||||
hfs_btree_file_type, hfs_volume*, hfs_callback_args*);
|
||||
size_t hfslib_reada_node_offsets(void*, uint16_t*);
|
||||
size_t hfslib_reada_node_offsets(void*, uint16_t*, uint16_t);
|
||||
size_t hfslib_read_header_node(void**, uint16_t*, uint16_t,
|
||||
hfs_header_record_t*, void*, void*);
|
||||
size_t hfslib_read_catalog_keyed_record(void*, hfs_catalog_keyed_record_t*,
|
||||
|
|
|
|||
Loading…
Reference in New Issue