[src/trunk]: src/sbin/fsck_msdos From: http://marc.info/?l=openbsd-tech&m=140...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b58310e9b5f2
branches:  trunk
changeset: 330402:b58310e9b5f2
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Jul 07 17:55:53 2014 +0000

description:
From: http://marc.info/?l=openbsd-tech&m=140275150804337&w=2
Avoid infinite loops in cluster chain linked lists.

diffstat:

 sbin/fsck_msdos/fat.c |  20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diffs (55 lines):

diff -r 27344e5a3569 -r b58310e9b5f2 sbin/fsck_msdos/fat.c
--- a/sbin/fsck_msdos/fat.c     Mon Jul 07 17:45:42 2014 +0000
+++ b/sbin/fsck_msdos/fat.c     Mon Jul 07 17:55:53 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fat.c,v 1.25 2014/07/07 17:45:42 christos Exp $        */
+/*     $NetBSD: fat.c,v 1.26 2014/07/07 17:55:53 christos Exp $        */
 
 /*
  * Copyright (C) 1995, 1996, 1997 Wolfgang Solfrank
@@ -28,7 +28,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: fat.c,v 1.25 2014/07/07 17:45:42 christos Exp $");
+__RCSID("$NetBSD: fat.c,v 1.26 2014/07/07 17:55:53 christos Exp $");
 #endif /* not lint */
 
 #include <stdlib.h>
@@ -413,10 +413,10 @@
                        continue;
 
                /* follow the chain to its end (hopefully) */
-               for (p = head;
+               for (len = fat[head].length, p = head;
                     (n = fat[p].next) >= CLUST_FIRST && n < boot->NumClusters;
                     p = n)
-                       if (fat[n].head != head)
+                       if (fat[n].head != head || len-- < 2)
                                break;
                if (n >= CLUST_EOFS)
                        continue;
@@ -424,14 +424,20 @@
                if (n == CLUST_FREE || n >= CLUST_RSRVD) {
                        pwarn("Cluster chain starting at %u ends with cluster marked %s\n",
                              head, rsrvdcltype(n));
+clear:
                        ret |= tryclear(boot, fat, head, &fat[p].next);
                        continue;
                }
                if (n < CLUST_FIRST || n >= boot->NumClusters) {
                        pwarn("Cluster chain starting at %u ends with cluster out of range (%u)\n",
-                             head, n);
-                       ret |= tryclear(boot, fat, head, &fat[p].next);
-                       continue;
+                           head, n);
+                       goto clear;
+               }
+               if (head == fat[n].head) {
+                       pwarn("Cluster chain starting at %u loops at cluster %u\n",
+                       
+                           head, p);
+                       goto clear;
                }
                pwarn("Cluster chains starting at %u and %u are linked at cluster %u\n",
                      head, fat[n].head, n);