diff options
author | Russell King <rmk+kernel@armlinux.org.uk> | 2019-12-09 11:11:08 +0000 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2020-01-20 20:12:42 -0500 |
commit | d79288b4f61b40976182786ba2cb05ed5f2b6945 (patch) | |
tree | 8621e52c3d528be105e6827780dccc29e0b5e4c7 | |
parent | aa3d4e015298fd523617c2bea392d02ea19eaa1a (diff) |
fs/adfs: bigdir: calculate and validate directory checkbyte
When reading a big directory, calculate the validate the directory
checkbyte to ensure that the directory contents are valid.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/adfs/dir_fplus.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/fs/adfs/dir_fplus.c b/fs/adfs/dir_fplus.c index a2fa416fbb6d..4ab8987962f0 100644 --- a/fs/adfs/dir_fplus.c +++ b/fs/adfs/dir_fplus.c @@ -67,6 +67,39 @@ static int adfs_fplus_validate_tail(const struct adfs_bigdirheader *h, return 0; } +static u8 adfs_fplus_checkbyte(struct adfs_dir *dir) +{ + struct adfs_bigdirheader *h = dir->bighead; + struct adfs_bigdirtail *t = dir->bigtail; + unsigned int end, bs, bi, i; + __le32 *bp; + u32 dircheck; + + end = adfs_fplus_offset(h, le32_to_cpu(h->bigdirentries)) + + le32_to_cpu(h->bigdirnamesize); + + /* Accumulate the contents of the header, entries and names */ + for (dircheck = 0, bi = 0; end; bi++) { + bp = (void *)dir->bhs[bi]->b_data; + bs = dir->bhs[bi]->b_size; + if (bs > end) + bs = end; + + for (i = 0; i < bs; i += sizeof(u32)) + dircheck = ror32(dircheck, 13) ^ le32_to_cpup(bp++); + + end -= bs; + } + + /* Accumulate the contents of the tail except for the check byte */ + dircheck = ror32(dircheck, 13) ^ le32_to_cpu(t->bigdirendname); + dircheck = ror32(dircheck, 13) ^ t->bigdirendmasseq; + dircheck = ror32(dircheck, 13) ^ t->reserved[0]; + dircheck = ror32(dircheck, 13) ^ t->reserved[1]; + + return dircheck ^ dircheck >> 8 ^ dircheck >> 16 ^ dircheck >> 24; +} + static int adfs_fplus_read(struct super_block *sb, u32 indaddr, unsigned int size, struct adfs_dir *dir) { @@ -107,6 +140,11 @@ static int adfs_fplus_read(struct super_block *sb, u32 indaddr, goto out; } + if (adfs_fplus_checkbyte(dir) != t->bigdircheckbyte) { + adfs_error(sb, "dir %06x checkbyte mismatch\n", indaddr); + goto out; + } + dir->parent_id = le32_to_cpu(h->bigdirparent); return 0; |