diff options
Diffstat (limited to 'fs/partitions/ldm.c')
-rw-r--r-- | fs/partitions/ldm.c | 137 |
1 files changed, 92 insertions, 45 deletions
diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c index 99873a2..e7dd1d4 100644 --- a/fs/partitions/ldm.c +++ b/fs/partitions/ldm.c @@ -677,15 +677,24 @@ static bool ldm_create_data_partitions (struct parsed_partitions *pp, * Return: -1 Error, the calculated offset exceeded the size of the buffer * n OK, a range-checked offset into buffer */ -static int ldm_relative (const u8 *buffer, int buflen, int base, int offset) +static int ldm_relative(const u8 *buffer, int buflen, int base, int offset) { base += offset; - if ((!buffer) || (offset < 0) || (base > buflen)) + if (!buffer || offset < 0 || base > buflen) { + if (!buffer) + ldm_error("!buffer"); + if (offset < 0) + ldm_error("offset (%d) < 0", offset); + if (base > buflen) + ldm_error("base (%d) > buflen (%d)", base, buflen); return -1; - if ((base + buffer[base]) >= buflen) + } + if (base + buffer[base] >= buflen) { + ldm_error("base (%d) + buffer[base] (%d) >= buflen (%d)", base, + buffer[base], buflen); return -1; - + } return buffer[base] + offset + 1; } @@ -1054,60 +1063,98 @@ static bool ldm_parse_prt3(const u8 *buffer, int buflen, struct vblk *vb) * Return: 'true' @vb contains a Volume VBLK * 'false' @vb contents are not defined */ -static bool ldm_parse_vol5 (const u8 *buffer, int buflen, struct vblk *vb) +static bool ldm_parse_vol5(const u8 *buffer, int buflen, struct vblk *vb) { - int r_objid, r_name, r_vtype, r_child, r_size, r_id1, r_id2, r_size2; - int r_drive, len; + int r_objid, r_name, r_vtype, r_disable_drive_letter, r_child, r_size; + int r_id1, r_id2, r_size2, r_drive, len; struct vblk_volu *volu; - BUG_ON (!buffer || !vb); - - r_objid = ldm_relative (buffer, buflen, 0x18, 0); - r_name = ldm_relative (buffer, buflen, 0x18, r_objid); - r_vtype = ldm_relative (buffer, buflen, 0x18, r_name); - r_child = ldm_relative (buffer, buflen, 0x2E, r_vtype); - r_size = ldm_relative (buffer, buflen, 0x3E, r_child); - - if (buffer[0x12] & VBLK_FLAG_VOLU_ID1) - r_id1 = ldm_relative (buffer, buflen, 0x53, r_size); - else + BUG_ON(!buffer || !vb); + r_objid = ldm_relative(buffer, buflen, 0x18, 0); + if (r_objid < 0) { + ldm_error("r_objid %d < 0", r_objid); + return false; + } + r_name = ldm_relative(buffer, buflen, 0x18, r_objid); + if (r_name < 0) { + ldm_error("r_name %d < 0", r_name); + return false; + } + r_vtype = ldm_relative(buffer, buflen, 0x18, r_name); + if (r_vtype < 0) { + ldm_error("r_vtype %d < 0", r_vtype); + return false; + } + r_disable_drive_letter = ldm_relative(buffer, buflen, 0x18, r_vtype); + if (r_disable_drive_letter < 0) { + ldm_error("r_disable_drive_letter %d < 0", + r_disable_drive_letter); + return false; + } + r_child = ldm_relative(buffer, buflen, 0x2D, r_disable_drive_letter); + if (r_child < 0) { + ldm_error("r_child %d < 0", r_child); + return false; + } + r_size = ldm_relative(buffer, buflen, 0x3D, r_child); + if (r_size < 0) { + ldm_error("r_size %d < 0", r_size); + return false; + } + if (buffer[0x12] & VBLK_FLAG_VOLU_ID1) { + r_id1 = ldm_relative(buffer, buflen, 0x52, r_size); + if (r_id1 < 0) { + ldm_error("r_id1 %d < 0", r_id1); + return false; + } + } else r_id1 = r_size; - - if (buffer[0x12] & VBLK_FLAG_VOLU_ID2) - r_id2 = ldm_relative (buffer, buflen, 0x53, r_id1); - else + if (buffer[0x12] & VBLK_FLAG_VOLU_ID2) { + r_id2 = ldm_relative(buffer, buflen, 0x52, r_id1); + if (r_id2 < 0) { + ldm_error("r_id2 %d < 0", r_id2); + return false; + } + } else r_id2 = r_id1; - - if (buffer[0x12] & VBLK_FLAG_VOLU_SIZE) - r_size2 = ldm_relative (buffer, buflen, 0x53, r_id2); - else + if (buffer[0x12] & VBLK_FLAG_VOLU_SIZE) { + r_size2 = ldm_relative(buffer, buflen, 0x52, r_id2); + if (r_size2 < 0) { + ldm_error("r_size2 %d < 0", r_size2); + return false; + } + } else r_size2 = r_id2; - - if (buffer[0x12] & VBLK_FLAG_VOLU_DRIVE) - r_drive = ldm_relative (buffer, buflen, 0x53, r_size2); - else + if (buffer[0x12] & VBLK_FLAG_VOLU_DRIVE) { + r_drive = ldm_relative(buffer, buflen, 0x52, r_size2); + if (r_drive < 0) { + ldm_error("r_drive %d < 0", r_drive); + return false; + } + } else r_drive = r_size2; - len = r_drive; - if (len < 0) + if (len < 0) { + ldm_error("len %d < 0", len); return false; - + } len += VBLK_SIZE_VOL5; - if (len != BE32 (buffer + 0x14)) + if (len > BE32(buffer + 0x14)) { + ldm_error("len %d > BE32(buffer + 0x14) %d", len, + BE32(buffer + 0x14)); return false; - + } volu = &vb->vblk.volu; - - ldm_get_vstr (buffer + 0x18 + r_name, volu->volume_type, - sizeof (volu->volume_type)); - memcpy (volu->volume_state, buffer + 0x19 + r_vtype, - sizeof (volu->volume_state)); - volu->size = ldm_get_vnum (buffer + 0x3E + r_child); - volu->partition_type = buffer[0x42 + r_size]; - memcpy (volu->guid, buffer + 0x43 + r_size, sizeof (volu->guid)); + ldm_get_vstr(buffer + 0x18 + r_name, volu->volume_type, + sizeof(volu->volume_type)); + memcpy(volu->volume_state, buffer + 0x18 + r_disable_drive_letter, + sizeof(volu->volume_state)); + volu->size = ldm_get_vnum(buffer + 0x3D + r_child); + volu->partition_type = buffer[0x41 + r_size]; + memcpy(volu->guid, buffer + 0x42 + r_size, sizeof(volu->guid)); if (buffer[0x12] & VBLK_FLAG_VOLU_DRIVE) { - ldm_get_vstr (buffer + 0x53 + r_size, volu->drive_hint, - sizeof (volu->drive_hint)); + ldm_get_vstr(buffer + 0x52 + r_size, volu->drive_hint, + sizeof(volu->drive_hint)); } return true; } |