diff options
| author | avg <avg@FreeBSD.org> | 2010-04-02 15:22:23 +0000 |
|---|---|---|
| committer | avg <avg@FreeBSD.org> | 2010-04-02 15:22:23 +0000 |
| commit | dd4e4b7f60698ceccabbbc925646ca615a54800e (patch) | |
| tree | e885142d8e913f39c6b3ee3947dc31a54eb4a5bf | |
| parent | ad244906c74c0dab6b5a3c0aed3426a7b51f2f3c (diff) | |
| download | FreeBSD-src-dd4e4b7f60698ceccabbbc925646ca615a54800e.zip FreeBSD-src-dd4e4b7f60698ceccabbbc925646ca615a54800e.tar.gz | |
mountmsdosfs: reject too high value of bytes per cluster
Bytes per cluster are calcuated as bytes per sector times sectors per
cluster. Too high value can overflow an internal variable with type
that can hold only values in valid range. Trying to use a wider type
results in an attempt to read more than MAXBSIZE at once, a panic.
Unfortunately, it is FreeBSD newfs_msdos that produces filesystems
with invalid parameters for certain types of media.
Reported by: Fabian Keil <freebsd-listen@fabiankeil.de>,
Paul B. Mahol <onemda@gmail.com>
Discussed with: bde, kib
MFC after: 1 week
X-ToDo: fix newfs_msdos
| -rw-r--r-- | sys/fs/msdosfs/msdosfs_vfsops.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/fs/msdosfs/msdosfs_vfsops.c b/sys/fs/msdosfs/msdosfs_vfsops.c index 77583ee..a0801bd 100644 --- a/sys/fs/msdosfs/msdosfs_vfsops.c +++ b/sys/fs/msdosfs/msdosfs_vfsops.c @@ -580,6 +580,7 @@ mountmsdosfs(struct vnode *devvp, struct mount *mp) || (pmp->pm_BytesPerSec & (pmp->pm_BytesPerSec - 1)) || (pmp->pm_HugeSectors == 0) || (pmp->pm_FATsecs == 0) + || (SecPerClust * pmp->pm_BlkPerSec > MAXBSIZE / DEV_BSIZE) ) { error = EINVAL; goto error_exit; |
