Add d/patches/detect-infinite-loop. Fix for https://github.com/relan/exfat/issues...
1 Patch for https://github.com/relan/exfat/issues/6
2 See also:
3 https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
4 Index: exfat-utils/libexfat/mount.c
5 ===================================================================
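--- a/libexfat/mount.c
+++ b/libexfat/mount.c
@@ -30,23 +30,32 @@
 
 static uint64_t rootdir_size(const struct exfat* ef)
 {
-       uint64_t clusters = 0;
+       uint32_t clusters = 0;
+       uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count);
        cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
 
-       while (!CLUSTER_INVALID(rootdir_cluster))
+       /* Iterate all clusters of the root directory to calculate its size.
+          It can't be contiguous because there is no flag to indicate this. */
+       do
        {
-               clusters++;
-               /* root directory cannot be contiguous because there is no flag
-                  to indicate this */
+               if (clusters == clusters_max) /* infinite loop detected */
+               {
+                       exfat_error("root directory cannot occupy all %d clusters",
+                                       clusters);
+                       return 0;
+               }
+               if (CLUSTER_INVALID(rootdir_cluster))
+               {
+                       exfat_error("bad cluster %#x while reading root directory",
+                                       rootdir_cluster);
+                       return 0;
+               }
                rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster);
+               clusters++;
        }
-       if (rootdir_cluster != EXFAT_CLUSTER_END)
-       {
-               exfat_error("bad cluster %#x while reading root directory",
-                               rootdir_cluster);
-               return 0;
-       }
-       return clusters * CLUSTER_SIZE(*ef->sb);
+       while (rootdir_cluster != EXFAT_CLUSTER_END);
+
+       return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb);
 }
 
 static const char* get_option(const char* options, const char* option_name)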
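Review bot: The loop bound `clusters_max` is read from the same on-disk superblock as the chain it guards, so on a crafted image the new check in the `do` body guarantees termination only after up to `cluster_count` FAT lookups; whether `cluster_count` is validated against the device size before `rootdir_size()` runs is not visible in this hunk and should be confirmed. `CLUSTER_INVALID(rootdir_cluster)` takes no superblock argument here, so it presumably tests only the fixed valid range, and an index past `clusters_max` would still be handed to `exfat_next_cluster()`; comparing the index against `clusters_max` in the same `if` would close that gap. The first `exfat_error` call prints a `uint32_t` with `%d`, and `%u` matches the type: `exfat_error("root directory cannot occupy all %u clusters", clusters);`. Callers have to treat the 0 return as a failure, which deserves a comment above the function: `/* Returns the root directory size in bytes, or 0 if its cluster chain is corrupt. */`.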