Hi all,

In -current and -stable, mountmsdosfs() doesn't check if pm_nxtfree exceeds the max cluster in the file system. So if a corrupted msdos filesystem (which is not uncommon) is written, the following code in updatefats()@msdosfs_fat.c will generate an unpleasant panic. :)

    u_long cn = pmp->pm_nxtfree;
    if (pmp->pm_freeclustercount &&
        (pmp->pm_inusemap[cn / N_INUSEBITS] & (1 << (cn % N_INUSEBITS)))) {
        ....
    }

A patch of primitive validation for pm_nxtfree in mountmsdosfs()@msdosfs_vfsops.c is attached in this mail.

BTW, does anyone know why fsck_msdos is missing in FreeBSD?

Cheers,
Jiangyi
*** msdosfs_vfsops.c.orig Sat Jun 30 14:21:15 2001 --- msdosfs_vfsops.c Sat Jun 30 14:30:25 2001 *************** *** 681,686 **** --- 681,692 ---- /* * Check and validate (or perhaps invalidate?) the fsinfo structure? XXX */ + if (pmp->pm_fsinfo && pmp->pm_nxtfree > pmp->pm_maxcluster) { + printf ("Next free cluster in FSInfo (%u) exceeds maxcluster (%u)\n", + pmp->pm_nxtfree, pmp->pm_maxcluster); + error = EINVAL; + goto error_exit; + } /* * Allocate memory for the bitmap of allocated clusters, and then
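Review bot: The printf in the added block formats pm_nxtfree and pm_maxcluster with %u, but the updatefats() snippet quoted above copies pm_nxtfree into a u_long, so the conversions should be %lu (matched to the actual field types) to avoid a format/argument mismatch on 64-bit builds. The check also covers only the upper bound; a hint below CLUST_FIRST still names a reserved FAT entry rather than a data cluster, so adding `pmp->pm_nxtfree < CLUST_FIRST ||` to the condition would be consistent. Finally, since the FSInfo next-free value is only a hint and the surrounding XXX comment already asks whether the structure should be invalidated rather than trusted, resetting pm_nxtfree to CLUST_FIRST and continuing may be preferable to failing the mount with EINVAL, which makes a volume unmountable over a field that can simply be ignored.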
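As an added illustration (not FreeBSD's kernel code and not part of Jiangyi's patch): a user-space model of the bound the patch enforces, extended with a lower bound of CLUST_FIRST, showing why an unchecked pm_nxtfree indexes past the end of pm_inusemap. The struct and function names are assumptions; only the field names and N_INUSEBITS come from the mail.

```c
/* Added example, not the kernel's own code. fsmount_model is a constructed
 * stand-in for struct msdosfsmount; the helper names are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define N_INUSEBITS (8 * sizeof(unsigned int))
#define CLUST_FIRST 2UL   /* first data cluster number in any FAT volume */

struct fsmount_model {
    unsigned long pm_maxcluster;  /* highest valid cluster number */
    unsigned long pm_nxtfree;     /* "next free" hint copied from FSInfo */
    unsigned int *pm_inusemap;    /* one bit per cluster, sized from pm_maxcluster */
};

/* The patch's test, plus a lower bound: the FSInfo hint must name a data cluster
 * in [CLUST_FIRST, pm_maxcluster]. Returns 0 if acceptable, EINVAL otherwise. */
int validate_nxtfree(const struct fsmount_model *pmp)
{
    if (pmp->pm_nxtfree < CLUST_FIRST || pmp->pm_nxtfree > pmp->pm_maxcluster) {
        fprintf(stderr, "Next free cluster in FSInfo (%lu) outside [%lu, %lu]\n",
                pmp->pm_nxtfree, CLUST_FIRST, pmp->pm_maxcluster);
        return EINVAL;
    }
    return 0;
}

/* Bitmap just large enough for clusters 0..pm_maxcluster: ceil((max+1)/N) words.
 * Any pm_nxtfree above pm_maxcluster therefore reads past this allocation, which
 * is the on-disk-value-as-index bug behind the panic described in the mail. */
int inusemap_alloc(struct fsmount_model *pmp)
{
    size_t words = (pmp->pm_maxcluster + N_INUSEBITS) / N_INUSEBITS;
    pmp->pm_inusemap = calloc(words, sizeof(unsigned int));
    return pmp->pm_inusemap ? 0 : ENOMEM;
}

/* The updatefats() lookup, guarded: 1 = in use, 0 = free, -1 = refused (out of range). */
int cluster_in_use(const struct fsmount_model *pmp, unsigned long cn)
{
    if (cn > pmp->pm_maxcluster)
        return -1;
    return (pmp->pm_inusemap[cn / N_INUSEBITS] & (1u << (cn % N_INUSEBITS))) != 0;
}
```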