X-Git-Url: https://git.sven.stormbind.net/?a=blobdiff_plain;f=debian%2Fpatches%2Fcheck-sector-and-cluster-size;fp=debian%2Fpatches%2Fcheck-sector-and-cluster-size;h=98280d1777dfee9078932de7589ce7ee2e026d6a;hb=c2c2fb4e91ff79748cc575c78527031d160e2337;hp=0000000000000000000000000000000000000000;hpb=fcca1b7829c895d9de081ac6ad7b77179d9a4ef2;p=sven%2Fexfat-utils.git
diff --git a/debian/patches/check-sector-and-cluster-size b/debian/patches/check-sector-and-cluster-size
new file mode 100644
index 0000000..98280d1
--- /dev/null
+++ b/debian/patches/check-sector-and-cluster-size
@@ -0,0 +1,48 @@
+Patch for https://github.com/relan/exfat/issues/5
+See also:
+https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
+Index: exfat-utils/libexfat/mount.c
+===================================================================
+--- exfat-utils.orig/libexfat/mount.c
++++ exfat-utils/libexfat/mount.c
+@@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const
+ exfat_error("exFAT file system is not found");
+ return -EIO;
+ }
++ /* sector cannot be smaller than 512 bytes */
++ if (ef->sb->sector_bits < 9)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
++ free(ef->sb);
++ return -EIO;
++ }
++ /* officially exFAT supports cluster size up to 32 MB */
++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
++ {
++ exfat_close(ef->dev);
++ exfat_error("too big cluster size: 2^(%hhd+%hhd)",
++ ef->sb->sector_bits, ef->sb->spc_bits);
++ free(ef->sb);
++ return -EIO;
++ }
+ ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
+ if (ef->zero_cluster == NULL)
+ {
+@@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const
+ free(ef->sb);
+ return -EIO;
+ }
+- /* officially exFAT supports cluster size up to 32 MB */
+- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
+- {
+- free(ef->zero_cluster);
+- exfat_close(ef->dev);
+- exfat_error("too big cluster size: 2^%d",
+- (int) ef->sb->sector_bits + (int) ef->sb->spc_bits);
+- free(ef->sb);
+- return -EIO;
+- }
+ if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
+ exfat_get_size(ef->dev))
+ {
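Review bot: The new sector-size check in exfat_mount() enforces only a lower bound, so a superblock with sector_bits as large as 25 and spc_bits of 0 still passes both added checks and reaches `malloc(CLUSTER_SIZE(*ef->sb))` with a 32 MB sector size. The exFAT specification limits the sector shift to 9–12, so consider an explicit upper bound beside the lower one, e.g. `if (ef->sb->sector_bits > 12)` with its own "too big sector size" error and the same close/free/return path. Separately, both messages print the fields with `%hhd`; if they are unsigned 8-bit values (their declaration is not visible in this patch), a corrupted value of 128 or more is logged as a negative number, and `%hhu` would report what is actually on disk. The multiplication `le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb)` in the trailing context can presumably wrap for an oversized sector_count and deserves a follow-up check; exfat_mount's body starts and ends outside both inner hunks.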