filenames (buffer overflow)
makefs does not properly verify the maximum filename length in the
special "." case for both ISO level 1 and ISO level 2 filename
conversion. This creates broken images or causes a buffer overflow
(ISO level 2).

ISO level 1:
If a filename contains only dots or up to 8 characters followed by
dots the 8+3 limit check doesn't work.

ISO level 2:
If a filename contains a dot in the first 30 characters and a dot
on the 30th character, the length limit check doesn't work and the
buffer is overflowed.

$ mkdir level1
$ touch level1/12345............
$ makefs -t cd9660 -o isolevel=1 test.iso level1

$ mkdir level2
$ touch level2/1234567890.2345678901234567.....34567890123456789012345
$ makefs -t cd9660 -o isolevel=2 test.iso level2
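An added example (not the makefs code) of a filename conversion that clamps the name and extension lengths before copying any byte, so dot-heavy names like the two above cannot pass the output bound. The `iso_limits` values, the choice of the last dot as separator and the `_` substitution are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits: name, extension, and name+extension (dot excluded). */
struct iso_limits { size_t name_max, ext_max, total_max; };
static const struct iso_limits ISO_L1 = { 8, 3, 11 };
static const struct iso_limits ISO_L2 = { 30, 30, 30 };

/* Map one byte to the d-character set [A-Z0-9_]. */
static char dchar(unsigned char c)
{
    c = (unsigned char)toupper(c);
    return (isupper(c) || isdigit(c)) ? (char)c : '_';
}

/* Write NAME.EXT into out; return its length, or -1 if out cannot hold
 * the longest legal result. Lengths are clamped before any copy. */
int iso_convert(const char *in, char *out, size_t outsz,
                const struct iso_limits *lim)
{
    const char *dot = strrchr(in, '.');   /* last dot is the separator */
    size_t nlen = dot ? (size_t)(dot - in) : strlen(in);
    size_t elen = dot ? strlen(dot + 1) : 0;
    size_t o = 0, i;

    if (outsz < lim->total_max + 2)       /* name+ext, '.', NUL */
        return -1;
    if (nlen > lim->name_max) nlen = lim->name_max;
    if (elen > lim->ext_max) elen = lim->ext_max;
    if (nlen + elen > lim->total_max)     /* level 2: shorten the name */
        nlen = lim->total_max - elen;
    for (i = 0; i < nlen; i++)            /* earlier dots become '_' */
        out[o++] = dchar((unsigned char)in[i]);
    out[o++] = '.';
    for (i = 0; i < elen; i++)
        out[o++] = dchar((unsigned char)dot[1 + i]);
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    char buf[32];
    if (iso_convert("12345............", buf, sizeof buf, &ISO_L1) > 0)
        puts(buf);
    if (iso_convert("1234567890.2345678901234567.....34567890123456789012345",
                    buf, sizeof buf, &ISO_L2) > 0)
        puts(buf);
}
```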

rename option arguments in the manpage's `SYNOPSIS' section to
match those from `usage' (not the other way around; the `usage'-line
(and other parts of makefs.c) contain the correct names);
minor punctuation improvements.
From Snader_LB.

since actual user is not cd9660_eltorito.c but iso.h and
cd9660_eltorito.h.
Actually, include order/place of sys/endian.h doesn't matter on
netbsd since it is always included by sys/types.h but it's not
true on other systems. This should fix cross build breakage on
freebsd introduced by rev. 1.16 of cd9660_eltorito.c.
Problem reported and fix suggested on twitter.

corrupted cd9660fs):
- makefs/cd9660.c:
  - cd9660_rrip_move_directory() should also update length[0] and
    name_len[0] in dir->isoDirRecord
- makefs/cd9660/iso9660_rrip.c:
  - cd9660_rrip_finalize_node() should check rr_real_parent in node->parent,
    not in node itself in RRIP_PL case
  - cd9660_rrip_initialize_node() should update only node passed as arg
    so handle RRIP_PL in DOTDOT case
Fixes malformed dotdot entries in deep (more than 8 level) directories
moved into .rr_moved dir.
Should be pulled up to netbsd-5.
(no official ISO has such deep dirs, but cobalt restorecd is affected)

Add code to generate bootable ISOs on Powermac and CHRP systems.
Synthesize some partition maps (APM and MBR, respectively) pointing
to (a) the whole disk, and (b) relevant El Torito boot images that
have been added by other code. These partition maps are a little
bit funny looking, but they seem to work. FreeBSD has been using
this successfully in their release generation on powerpc, as well
as generating all non-SPARC install media. SPARC support could
probably be added as an extension of this patch.

to store disk quota usage and limits, integrated with ffs
metadata. Usage is checked by fsck_ffs (no more quotacheck)
and is covered by the WAPBL journal. Enabled with kernel
option QUOTA2 (added where QUOTA was enabled in kernel config files),
turned on with tunefs(8) on a per-filesystem
basis. mount_mfs(8) can also turn quotas on.
See http://mail-index.netbsd.org/tech-kern/2011/02/19/msg010025.html
for details.

suggest in the error message a possible cause: the size= attribute in
the metalog (if one is given) may be different from the source file's
actual size.

This is done by adding the general ability to stuff non-SUSP data into
the end of the System Use field of a Directory Record, which required
some amount of rewriting of the SUSP support. I think the result is
at least as good as what came before, and I've fixed at least one bug
along the way. Tested against RISC OS 3.70 on my Risc PC.
Oh, why do we want it? It should allow us to make acorn{26,32} CDs that
can be booted directly from RISC OS without mucking around copying the
bootloader to a native filing system.

the System Use field with fewer than 28 bytes to spare, we were
remembering the wrong length for the System Use field and hence
emitting a corrupt directory entry. This could be triggered by trying
to build a filesystem containing a regular file with a 120-byte name.
Now we're a little more careful.

Continuation Area, be sure to insert the "CE" record at the correct
point in the chain of SUSP records. Without this, makefs emits
an invalid image if any file needs a Continuation Area. The bug
seems to have been introduced with the conversion to TAILQs.

without supplying a value, complain at them instead of segfaulting.
Or, to put it another way, check that the value is non-NULL before calling
set_option().

Initialise memory before writing to only part of it,
making sure that the string is NUL-terminated

Allocate the maximum allowed length (including the
terminating NUL byte) for the temporary name string, make sure
the final output is NUL terminated, and copy back the NUL when
overwriting the previously created name (since maxlen is always
at least 1 less than ISO_FILENAME_MAXLENGTH_WITH_PADDING, this
is no problem)
Patches from Thorsten Glaser through freenode.net.