tech-kern archive


msdosfs and small sectors



Hi,
some days ago when reading msdosfs_vfsops.c I saw this:

        if ((error = bread(devvp, 0, secsize, NOCRED, 0, &bp)) != 0)
                goto error_exit;
        bsp = (union bootsector *)bp->b_data;
        b33 = (struct byte_bpb33 *)bsp->bs33.bsBPB;
        b50 = (struct byte_bpb50 *)bsp->bs50.bsBPB;
        b710 = (struct byte_bpb710 *)bsp->bs710.bsBPB;

'secsize' is retrieved through getdisksize(), via an ioctl on the device.

I have a doubt: isn't there a risk that the kernel overflows memory if
secsize is too low? If I plug in a USB key with only 2 bytes per sector, only
two bytes will be read by this bread(), and 'bp->b_data' will be accessed
outside the requested area.

Not sure though, does someone have an idea? If I'm right, which limit
should we put?

Thanks,
Maxime
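
Added example, not part of the original message and not NetBSD code: a user-space sketch of the check the question points at, refusing to parse BPB fields unless the number of bytes actually read covers a whole boot sector. The 512-byte minimum, `struct bpb_min`, `parse_bpb()` and `sample_bps()` are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BOOTSEC_SIZE 512u  /* assumed minimum: classic FAT boot sector length */
#define BPB_OFFSET   11u   /* BPB follows the 3-byte jump and 8-byte OEM name */

struct bpb_min {           /* hypothetical, reduced view of the BPB */
    uint16_t bytes_per_sec;
    uint8_t  sec_per_clust;
    uint16_t reserved_secs;
};

/* buf holds buflen valid bytes (the secsize that was passed to the read).
 * Returns 0 on success, EINVAL if the data cannot be a usable boot sector. */
int parse_bpb(const uint8_t *buf, size_t buflen, struct bpb_min *out)
{
    if (buf == NULL || out == NULL || buflen < BOOTSEC_SIZE)
        return EINVAL;                     /* refuse before touching any field */
    if (buf[510] != 0x55 || buf[511] != 0xAA)
        return EINVAL;                     /* missing boot signature */
    const uint8_t *p = buf + BPB_OFFSET;
    out->bytes_per_sec = (uint16_t)(p[0] | (p[1] << 8));  /* little-endian */
    out->sec_per_clust = p[2];
    out->reserved_secs = (uint16_t)(p[3] | (p[4] << 8));
    uint16_t bps = out->bytes_per_sec;     /* must be a power of two, 512..4096 */
    if (bps < 512 || bps > 4096 || (bps & (bps - 1)) != 0)
        return EINVAL;
    return 0;
}

/* Constructed sample: a 512-byte sector of which only valid_len bytes were read.
 * Returns bytes per sector on success, or a negated errno value. */
int sample_bps(size_t valid_len)
{
    uint8_t sec[BOOTSEC_SIZE] = {0};
    struct bpb_min b;
    sec[11] = 0x00; sec[12] = 0x02;        /* 512 bytes per sector */
    sec[13] = 8; sec[14] = 32;             /* sectors per cluster, reserved sectors */
    sec[510] = 0x55; sec[511] = 0xAA;      /* boot signature */
    int err = parse_bpb(sec, valid_len, &b);
    return err ? -err : b.bytes_per_sec;
}

int main(void)
{
    printf("secsize=2: %d, secsize=512: %d\n", sample_bps(2), sample_bps(512));
    return 0;
}
```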

