Hi all,

I am studying an NTFS problem, and came across the NTFS fixup mechanism. 

It took me much too long to understand the fixup mechanism, even though
a comment tried to explain it. So I rewrote the comment. 

Also, the "start" value that is read from the record, could be much 
larger than expected, which could lead to accessing random data. The
fixup should fail then, and this is also patched below. 

Patch attached. 

                                Roger. 

--------------------------------------------------------------------

diff -ur linux-2.4.3.clean/fs/ntfs/super.c linux-2.4.3.ntfs_fix/fs/ntfs/super.c
--- linux-2.4.3.clean/fs/ntfs/super.c   Sun Apr 15 14:48:05 2001
+++ linux-2.4.3.ntfs_fix/fs/ntfs/super.c        Sun Apr 15 14:47:48 2001
@@ -30,6 +30,22 @@
  * . the magic identifier is wrong
  * . the size is given and does not match the number of sectors
  * . a fixup is invalid
+ ******
+ * Somehow that comment may sound usable to the person who wrote it, but 
+ * in fact it took me over an hour to figure it out. That's not what 
+ * comments are for. So let me try to explain it: 
+ *
+ * A record contains a fixup-area. The size of this area is S+1 words,
+ * with S the number of sectors in the record. 
+ *
+ * The first word of the fixup area is a random word. 
+ * The last word of every sector should contain this random word. 
+ * The rest of the fixup area contains the original contents of that
+ * last word of each sector of the record. 
+ * the position and length of the fixup area are stored at offset 4 
+ * and 6 in the record.  
+ *
+ * Hope this helps. -- REW
  */
 int ntfs_fixup_record(ntfs_volume *vol, char *record, char *magic, int size)
 {
@@ -42,6 +58,8 @@
        count=NTFS_GETU16(record+6);
        count--;
        if(size && vol->blocksize*count != size)
+               return 0;
+       if (start >= size) 
                return 0;
        fixup = NTFS_GETU16(record+start);
        start+=2;
Only in linux-2.4.3.ntfs_fix/fs/ntfs: super.c.orig


-- 
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* There are old pilots, and there are bold pilots. 
* There are also old, bald pilots. 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to