From: Karel Zak <kzak@redhat.com>
Date: Thu, 12 Apr 2018 12:21:47 +0000 (+0200)
Subject: libblkid: (hfs) check allocation size
X-Git-Tag: v2.32.1~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ba4b32eac2673030c59a382e8aba7c0f36114c1;p=thirdparty%2Futil-linux.git

libblkid: (hfs) check allocation size

The current prober is based on signature only (two bytes!). It seems
pretty fragile. Linux kernel also checks for allocation size in the
superblock, let's use it too... it's better than nothing.

Reported-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/libblkid/src/superblocks/hfs.c b/libblkid/src/superblocks/hfs.c
index 19f14ed0d2..7b01174050 100644
--- a/libblkid/src/superblocks/hfs.c
+++ b/libblkid/src/superblocks/hfs.c
@@ -25,6 +25,8 @@ struct hfs_finder_info {
         uint8_t         id[8];
 } __attribute__((packed));
 
+#define HFS_SECTOR_SIZE         512
+
 struct hfs_mdb {
         uint8_t         signature[2];
         uint32_t        cr_date;
@@ -153,6 +155,7 @@ static int hfs_set_uuid(blkid_probe pr, unsigned char const *hfs_info, size_t le
 static int probe_hfs(blkid_probe pr, const struct blkid_idmag *mag)
 {
 	struct hfs_mdb	*hfs;
+	int size;
 
 	hfs = blkid_probe_get_sb(pr, mag, struct hfs_mdb);
 	if (!hfs)
@@ -162,6 +165,12 @@ static int probe_hfs(blkid_probe pr, const struct blkid_idmag *mag)
 	    (memcmp(hfs->embed_sig, "HX", 2) == 0))
 		return 1;	/* Not hfs, but an embedded HFS+ */
 
+	size = be32_to_cpu(hfs->al_blk_size);
+	if (!size || (size & (HFS_SECTOR_SIZE - 1))) {
+		DBG(LOWPROBE, ul_debug("\tbad allocation size - ignore"));
+		return 1;
+	}
+
 	hfs_set_uuid(pr, hfs->finder_info.id, sizeof(hfs->finder_info.id));
 
 	blkid_probe_set_label(pr, hfs->label, hfs->label_len);