diff options
| author | Justus Winter <justus@gnupg.org> | 2016-04-17 16:36:32 +0200 |
|---|---|---|
| committer | Justus Winter <justus@gnupg.org> | 2016-04-17 17:08:26 +0200 |
| commit | 21ee0e79e90c3cf63613bc1a00a609cfaf1777b2 (patch) | |
| tree | 2bd6b7a1bbbd475f0a5a7065fe7b99ad6fd94281 | |
| parent | 54ab56a23c472729ba3834f90b01c4406ed358b8 (diff) | |
isofs: make superblock detection more robust
* isofs/isofs.h (disk_image_len): New variable.
* isofs/main.c (read_sblock): Avoid out of bounds access.
* isofs/pager.c (disk_image_len): New variable.
(create_disk_pager): Initialize 'disk_image_len'.
| -rw-r--r-- | isofs/isofs.h | 1 | ||||
| -rw-r--r-- | isofs/main.c | 9 | ||||
| -rw-r--r-- | isofs/pager.c | 2 |
3 files changed, 5 insertions, 7 deletions
diff --git a/isofs/isofs.h b/isofs/isofs.h index 3f6690be..2ba013c2 100644 --- a/isofs/isofs.h +++ b/isofs/isofs.h @@ -75,6 +75,7 @@ char *mounted_on; /* Mapped image of disk */ void *disk_image; +size_t disk_image_len; /* Processed sblock info */ diff --git a/isofs/main.c b/isofs/main.c index 95c90fe8..c07cf3ff 100644 --- a/isofs/main.c +++ b/isofs/main.c @@ -72,17 +72,13 @@ static void read_sblock () { struct voldesc *vd; - error_t err; struct sblock * volatile sb = 0; - err = diskfs_catch_exception (); - if (err) - error (4, err, "reading superblock"); - /* Start at logical sector 16 and keep going until we find a matching superblock */ for (vd = disk_image + (logical_sector_size * 16); - (void *) vd < disk_image + (logical_sector_size * 500); /* for sanity */ + (void *) vd < disk_image + (logical_sector_size * 500) /* for sanity */ + && (void *) vd + logical_sector_size < disk_image + disk_image_len; vd = (void *) vd + logical_sector_size) { if (vd->type == VOLDESC_END) @@ -105,7 +101,6 @@ read_sblock () if (!sblock) error (1, errno, "Could not allocate memory for superblock"); memcpy (sblock, sb, sizeof (struct sblock)); - diskfs_end_catch_exception (); /* Parse some important bits of this */ logical_block_size = isonum_723 (sblock->blksize); diff --git a/isofs/pager.c b/isofs/pager.c index 35de37e4..b4be4e2d 100644 --- a/isofs/pager.c +++ b/isofs/pager.c @@ -28,6 +28,7 @@ struct port_bucket *pager_bucket; /* Mapped image of the disk */ void *disk_image; +size_t disk_image_len; /* Implement the pager_read_page callback from the pager library. See @@ -148,6 +149,7 @@ create_disk_pager (void) upi->np = 0; pager_bucket = ports_create_bucket (); diskfs_start_disk_pager (upi, pager_bucket, 1, 0, store->size, &disk_image); + disk_image_len = store->size; upi->p = diskfs_disk_pager; } |