X-Git-Url: http://git.sven.stormbind.net/?a=blobdiff_plain;f=debian%2Fpatches%2Fdetect-infinite-loop;fp=debian%2Fpatches%2Fdetect-infinite-loop;h=a50f38c3a5762a62c606bb626419b64ae6140aee;hb=9bab21334cb900357cb07fe6ce527a45a7f76457;hp=0000000000000000000000000000000000000000;hpb=c2c2fb4e91ff79748cc575c78527031d160e2337;p=sven%2Fexfat-utils.git
diff --git a/debian/patches/detect-infinite-loop b/debian/patches/detect-infinite-loop
new file mode 100644
index 0000000..a50f38c
--- /dev/null
+++ b/debian/patches/detect-infinite-loop
@@ -0,0 +1,52 @@
+Patch for https://github.com/relan/exfat/issues/6
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -30,23 +30,32 @@
+
+ static uint64_t rootdir_size(const struct exfat* ef)
+ {
+- uint64_t clusters = 0;
++ uint32_t clusters = 0;
++ uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
+ cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
+
+- while (!CLUSTER_INVALID(rootdir_cluster))
++ /* Iterate all clusters of the root directory to calculate its size.
++ It can't be contiguous because there is no flag to indicate this. */
++ do
+ {
+- clusters++;
+- /* root directory cannot be contiguous because there is no flag
+- to indicate this */
++ if (clusters == clusters_max) /* infinite loop detected */
++ {
++ exfat_error("root directory cannot occupy all %d clusters",
++ clusters);
++ return 0;
++ }
++ if (CLUSTER_INVALID(rootdir_cluster))
++ {
++ exfat_error("bad cluster %#x while reading root directory",
++ rootdir_cluster);
++ return 0;
++ }
+ rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
++ clusters++;
+ }
+- if (rootdir_cluster != EXFAT_CLUSTER_END)
+- {
+- exfat_error("bad cluster %#x while reading root directory",
+- rootdir_cluster);
+- return 0;
+- }
+- return clusters * CLUSTER_SIZE(*ef->sb);
++ while (rootdir_cluster != EXFAT_CLUSTER_END);
++
++ return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
+ }
+
+ static const char* get_option(const char* options, const char* option_name)
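Review bot: The new bound `clusters_max` in rootdir_size is read from the on-disk `cluster_count` field, so the loop ends only after as many FAT lookups as the image itself claims to have clusters. Whether `cluster_count` is checked against the device size before this function runs is not visible in this hunk and should be confirmed, since a corrupted image could otherwise still stall the mount for a very long time. Separately, `clusters` is now `uint32_t` but is printed with `%d`; `exfat_error("root directory cannot occupy all %u clusters", clusters);` matches the type. Both error paths return 0, so the caller presumably has to treat a zero root directory size as a mount failure; a comment above the function would record that, e.g. `/* Returns 0 on a corrupted cluster chain; callers must treat 0 as an error. */`.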