Merge branch 'jessie-updates' of ssh://git.sven.stormbind.net/var/lib/git/sven/fuse...
authorSven Hoexter <sven@timegate.de>
Fri, 6 Nov 2015 07:04:02 +0000 (08:04 +0100)
committerSven Hoexter <sven@timegate.de>
Fri, 6 Nov 2015 07:04:02 +0000 (08:04 +0100)
debian/changelog
libexfat/mount.c

index 5949e25db672785bf49ea01fb7d3c8cdf7d4c801..4d7526760558f9b5ff37c84ec596c66b9e472072 100644 (file)
@@ -1,3 +1,12 @@
+fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium
+
+  * Add the fix for https://github.com/relan/exfat/issues/5 found
+    and reported by The Fuzzing Project. Check sector and cluster size.
+  * Add the fix for https://github.com/relan/exfat/issues/6 found
+    and reported by The Fuzzing Project. Detect infinite loop. 
+
+ -- Sven Hoexter <hoexter@debian.org>  Thu, 05 Nov 2015 20:01:33 +0100
+
 fuse-exfat (1.1.0-2) unstable; urgency=low
 
   * Remove debian/watch - recent changes at Google code required
index 2ebf43625315701e99eba3a543250420a44ce60c..9a29cbecb0a78f02efbe06fc8d642b2d954dbb0d 100644 (file)
 
 static uint64_t rootdir_size(const struct exfat* ef)
 {
-       uint64_t clusters = 0;
+       uint32_t clusters = 0;
+       uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
        cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
 
-       while (!CLUSTER_INVALID(rootdir_cluster))
+       /* Iterate all clusters of the root directory to calculate its size.
+          It can't be contiguous because there is no flag to indicate this. */
+       do
        {
-               clusters++;
-               /* root directory cannot be contiguous because there is no flag
-                  to indicate this */
+               if (clusters == clusters_max) /* infinite loop detected */
+               {
+                       exfat_error("root directory cannot occupy all %d clusters",
+                                       clusters);
+                       return 0;
+               }
+               if (CLUSTER_INVALID(rootdir_cluster))
+               {
+                       exfat_error("bad cluster %#x while reading root directory",
+                                       rootdir_cluster);
+                       return 0;
+               }
                rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
+               clusters++;
        }
-       if (rootdir_cluster != EXFAT_CLUSTER_END)
-       {
-               exfat_error("bad cluster %#x while reading root directory",
-                               rootdir_cluster);
-               return 0;
-       }
-       return clusters * CLUSTER_SIZE(*ef->sb);
+       while (rootdir_cluster != EXFAT_CLUSTER_END);
+
+       return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
 }
 
 static const char* get_option(const char* options, const char* option_name)
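Review bot: The new loop guard in rootdir_size() takes its limit, `clusters_max`, from the `cluster_count` field of the same superblock whose FAT chain is being distrusted, and no validation of that field is visible in this hunk. If nothing earlier in the mount path bounds `cluster_count` by what the device can actually hold, a corrupt image can still keep the mount in this loop for up to 2^32 `exfat_next_cluster()` calls before the guard fires, so clamping the limit to the device's real cluster capacity would make the bound meaningful. The first `exfat_error()` also formats a `uint32_t` with `%d`; `%u` matches the type: `exfat_error("root directory cannot occupy all %u clusters", clusters);`.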
@@ -208,6 +217,23 @@ int exfat_mount(struct exfat* ef, const char* spec, const char* options)
                exfat_error("exFAT file system is not found");
                return -EIO;
        }
+       /* sector cannot be smaller than 512 bytes */
+       if (ef->sb->sector_bits < 9)
+       {
+               exfat_close(ef->dev);
+               exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
+               free(ef->sb);
+               return -EIO;
+       }
+       /* officially exFAT supports cluster size up to 32 MB */
+       if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+       {
+               exfat_close(ef->dev);
+               exfat_error("too big cluster size: 2^(%hhd+%hhd)",
+                               ef->sb->sector_bits, ef->sb->spc_bits);
+               free(ef->sb);
+               return -EIO;
+       }
        ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
        if (ef->zero_cluster == NULL)
        {
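Review bot: Only a lower bound is placed on `sector_bits`; the combined check `sector_bits + spc_bits > 25` still accepts a sector shift as large as 25 when `spc_bits` is 0, while the exFAT specification allows 9 through 12. Code that sizes buffers or offsets by `SECTOR_SIZE` lies outside this hunk, so the practical impact needs confirming, but an explicit `if (ef->sb->sector_bits > 12)` rejection next to the `< 9` check would close the gap. The messages print the fields with `%hhd`; assuming they are unsigned 8-bit fields, a corrupt value above 127 is reported as a negative number, and `%hhu` would show the real value: `exfat_error("too big cluster size: 2^(%hhu+%hhu)", ef->sb->sector_bits, ef->sb->spc_bits);`. exfat_mount() starts and ends outside this hunk.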
@@ -242,16 +268,6 @@ int exfat_mount(struct exfat* ef, const char* spec, const char* options)
                free(ef->sb);
                return -EIO;
        }
-       /* officially exFAT supports cluster size up to 32 MB */
-       if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
-       {
-               free(ef->zero_cluster);
-               exfat_close(ef->dev);
-               exfat_error("too big cluster size: 2^%d",
-                               (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
-               free(ef->sb);
-               return -EIO;
-       }
        if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
                        exfat_get_size(ef->dev))
        {