msdosfs and small sectors

To: tech-kern%netbsd.org@localhost
Subject: msdosfs and small sectors
From: Maxime Villard <max%M00nBSD.net@localhost>
Date: Tue, 15 Jul 2014 15:27:08 +0200

Hi,
some days ago when reading msdosfs_vfsops.c I saw this:

        if ((error = bread(devvp, 0, secsize, NOCRED, 0, &bp)) != 0)
                goto error_exit;
        bsp = (union bootsector *)bp->b_data;
        b33 = (struct byte_bpb33 *)bsp->bs33.bsBPB;
        b50 = (struct byte_bpb50 *)bsp->bs50.bsBPB;
        b710 = (struct byte_bpb710 *)bsp->bs710.bsBPB;

'secsize' is retrieved through getdisksize(), via an ioctl on the device.

I have a doubt, isn't there a risk that the kernel overflows memory if
secsize is too low? If I plug an USB key with only 2 bytes per sector, only
two bytes will be read by this bread(), and 'bp->b_data' will be accessed
outside the requested area.

Not sure though, does someone have an idea? If I'm right, which limit
should we put?

Thanks,
Maxime

Follow-Ups:
- Re: msdosfs and small sectors
  - From: Martin Husemann

Prev by Date: Re: Problem in msdosfs_moutfs
Next by Date: Re: msdosfs and small sectors
Previous by Thread: Problem in msdosfs_moutfs
Next by Thread: Re: msdosfs and small sectors
Indexes:

Home | Main Index | Thread Index | Old Index