libblkid: (ntfs) validate that sector_size is a power of two
authorThomas Weißschuh <thomas@t-8ch.de>
Mon, 25 Sep 2023 22:27:22 +0000 (00:27 +0200)
committerKarel Zak <kzak@redhat.com>
Fri, 24 Nov 2023 09:50:19 +0000 (10:50 +0100)
The NTFS prober reads data based off an offset of the sector size.
If the sector size is unaligned and the read data is cached then other
probers can read unaligned values.

Sector sizes for NTFS actually only make sense as powers of two, so
validate that and, as a side effect, avoid the unaligned reads.

Also add the reproducer from OSS-Fuzz that found this issue.

Fixes #2509

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
libblkid/src/superblocks/ntfs.c
tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 [new file with mode: 0644]

index 8309ea8ca92182f0255cc7a37e3c05edaef2038e..ab8c9213b39c431ed2b8acb2d1c99a5f7d3d1d02 100644 (file)
@@ -97,7 +97,7 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
         */
        sector_size = le16_to_cpu(ns->bpb.sector_size);
 
-       if (sector_size < 256 || sector_size > 4096)
+       if (sector_size < 256 || sector_size > 4096 || !is_power_of_2(sector_size))
                return 1;
 
        switch (ns->bpb.sectors_per_cluster) {
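Review bot: The extended condition on the `+` line now encodes a non-obvious invariant — together with the existing 256..4096 bounds it admits only 256, 512, 1024, 2048 and 4096 — but the reason for rejecting other values (offsets derived from sector_size must stay aligned, since the commit message says the read data is cached and later consumed by other probers) lives only in the commit message. A short comment above the check, e.g. `/* NTFS sector sizes are powers of two; other values also cause unaligned reads of the cached probe data */`, would keep that rationale next to the code. `is_power_of_2()` is presumably the inline helper from util-linux's include/c.h; confirm ntfs.c already has it in scope (directly or via its existing includes), since the hunk adds no include. __probe_ntfs starts and ends outside the hunk.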
diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691
new file mode 100644 (file)
index 0000000..9d10ae3
Binary files /dev/null and b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 differ