libblkid: (ntfs) validate that sector_size is a power of two
authorThomas Weißschuh <thomas@t-8ch.de>
Mon, 25 Sep 2023 22:27:22 +0000 (00:27 +0200)
committerThomas Weißschuh <thomas@t-8ch.de>
Mon, 25 Sep 2023 22:31:10 +0000 (00:31 +0200)
The NTFS prober reads data based off an offset of the sector size.
If the sector size is unaligned and the read data is cached then other
probers can read unaligned values.

Sector sizes for NTFS only make sense as a power of two, so
validate that and, as a side effect, avoid the unaligned reads.

Also add the reproducer from OSS-Fuzz that found this issue.

Fixes #2509

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
libblkid/src/superblocks/ntfs.c
tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 [new file with mode: 0644]

index d0dbb60fa254d0c001b4a65030f0d5b9979fe7bf..8ce557a113c1158aba0c9b86155f66faace3bdfa 100644 (file)
@@ -97,7 +97,7 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
         */
        sector_size = le16_to_cpu(ns->bpb.sector_size);
 
-       if (sector_size < 256 || sector_size > 4096)
+       if (sector_size < 256 || sector_size > 4096 || !is_power_of_2(sector_size))
                return 1;
 
        switch (ns->bpb.sectors_per_cluster) {
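Review bot: The extended `sector_size` condition has no comment saying why a power of two is required, and the reason is not visible in the code: the value is read from the on-disk BPB and, per the commit description, later read offsets are derived from it. I would add above the `if` something like `/* sector_size comes from the image and is untrusted; require a power of two so offsets derived from it stay aligned */`. The comment that closes just above the assignment and the rest of `__probe_ntfs` lie outside the hunk, so this may already be partly covered there. Going by the description, the unaligned data reaches other probers through cached reads, so it is worth confirming that consumers of cached buffers do not rely on alignment themselves, because this check only protects the NTFS path.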
diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691
new file mode 100644 (file)
index 0000000..9d10ae3
Binary files /dev/null and b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 differ