X-Git-Url: http://git.sven.stormbind.net/?a=blobdiff_plain;f=debian%2Fpatches%2Fcheck-sector-and-cluster-size;fp=debian%2Fpatches%2Fcheck-sector-and-cluster-size;h=c630c2d6a678bb6d1b40e45376536178e044d552;hb=c26a50397736d869d989d8c3d4dae6e00f28501e;hp=0000000000000000000000000000000000000000;hpb=966875ed51cae814c378c91d3f04e6be53240fd4;p=sven%2Fexfat-utils.git
diff --git a/debian/patches/check-sector-and-cluster-size b/debian/patches/check-sector-and-cluster-size
new file mode 100644
index 0000000..c630c2d
--- /dev/null
+++ b/debian/patches/check-sector-and-cluster-size
@@ -0,0 +1,49 @@
+Patch for https://github.com/relan/exfat/issues/5
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -172,6 +172,24 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("exFAT file system is not found");
+ return -EIO;
+ }
++ /* sector cannot be smaller than 512 bytes */
++ if (ef->sb->sector_bits < 9)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++ /* officially exFAT supports cluster size up to 32 MB */
++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
++ ef->sb->sector_bits, ef->sb->spc_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++
+ if (ef->sb->version.major != 1 || ef->sb->version.minor != 0)
+ {
+ exfat_close(ef->dev);
+@@ -187,16 +205,6 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count);
+ return -EIO;
+ }
+- /* officially exFAT supports cluster size up to 32 MB */
+- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+- {
+- exfat_close(ef->dev);
+- free(ef->sb);
+- exfat_error("too big cluster size: 2^%d",
+- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
+- return -EIO;
+- }
+-
+ ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
+ if (ef->zero_cluster == NULL)
+ {
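Review bot: The two guards added to exfat_mount in the first mount.c hunk bound `sector_bits` only from below and through its sum with `spc_bits`, so a superblock with `sector_bits` between 13 and 25 and a small `spc_bits` still passes, although the exFAT specification limits the sector shift to 9–12. Whether a sector size that large is safe for the buffers sized from it later cannot be seen from this hunk, so an explicit upper bound beside the lower one would be the conservative choice, e.g. `if (ef->sb->sector_bits < 9 || ef->sb->sector_bits > 12)` with the message adjusted accordingly. The new messages also print these fields with `%hhd` while the neighbouring FAT-count message uses `%hhu`; if the superblock fields are unsigned 8-bit, as `fat_count` appears to be, values of 128 and above from a corrupted image would be logged as negative, and `%hhu` would keep the diagnostic accurate. exfat_mount begins and ends outside the hunk.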