* grub-core/fs/ntfs.c (read_data): Prevent overflow.

	(read_attr): Ensure that we read start of possibly compressed block.

diff --git a/ChangeLog b/ChangeLog
index 15a99b9c40d9842f9b1ed723cdc2150cbadfd2f8..4220ff1310651f3b06c51953d7cce0d990da4308 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-05-15  Vladimir Serbinenko  <phcoder@gmail.com>
+
+       * grub-core/fs/ntfs.c (read_data): Prevent overflow.
+       (read_attr): Ensure that we read start of possibly compressed block.
+
 2012-05-15  Vladimir Serbinenko  <phcoder@gmail.com>
 
        * include/grub/ntfs.h (grub_ntfs_comp_table_element): New struct.

diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
index 1e0885cc7f282b6ebf56571f8b4fa6dba6743986..80e0f6a0eac04afefcce02fd2d006cc54fc33a5d 100644 (file)
--- a/grub-core/fs/ntfs.c
+++ b/grub-core/fs/ntfs.c
@@ -441,7 +441,7 @@ read_data (struct grub_ntfs_attr *at, char *pa, char *dest,
        }
 
       vcn = ctx->target_vcn = (ofs >> GRUB_NTFS_COM_LOG_LEN) * (GRUB_NTFS_COM_SEC / ctx->comp.spc);
-      ctx->target_vcn &= ~0xF;
+      ctx->target_vcn &= ~0xFULL;
     }
   else
     vcn = ctx->target_vcn = grub_divmod64 (ofs >> GRUB_NTFS_BLK_SHR, ctx->comp.spc, 0);
@@ -513,7 +513,13 @@ read_attr (struct grub_ntfs_attr *at, char *dest, grub_disk_addr_t ofs,
       char *pa;
       grub_disk_addr_t vcn;
 
-      vcn = grub_divmod64 (ofs, at->mft->data->spc << GRUB_NTFS_BLK_SHR, 0);
+      /* If compression is possible make sure that we include possible
+        compressed block size.  */
+      if (GRUB_NTFS_COM_SEC >= at->mft->data->spc)
+       vcn = ((ofs >> GRUB_NTFS_COM_LOG_LEN)
+              * (GRUB_NTFS_COM_SEC / at->mft->data->spc)) & ~0xFULL;
+      else
+       vcn = grub_divmod64 (ofs, at->mft->data->spc << GRUB_NTFS_BLK_SHR, 0);
       pa = at->attr_nxt + u16at (at->attr_nxt, 4);
       while (pa < at->attr_end)
        {