From: Thomas Weißschuh Date: Mon, 25 Sep 2023 22:27:22 +0000 (+0200) Subject: libblkid: (ntfs) validate that sector_size is a power of two X-Git-Tag: v2.39.3~47 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=7e5056f33bdfd867ce6f1a642f560fdf0b402c1e;p=thirdparty%2Futil-linux.git libblkid: (ntfs) validate that sector_size is a power of two The NTFS prober reads data based off an offset of the sector size. If the sector size is unaligned and the read data is cached then other probers can read unaligned values. Sector sizes for NTFS actually only make sense as power-of-two so validate that and as a side effect avoid the unaligned reads. Also add the reproducer from OSS-Fuzz that found this issue. Fixes #2509 Signed-off-by: Thomas Weißschuh --- diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c index 8309ea8ca9..ab8c9213b3 100644 --- a/libblkid/src/superblocks/ntfs.c +++ b/libblkid/src/superblocks/ntfs.c @@ -97,7 +97,7 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_ */ sector_size = le16_to_cpu(ns->bpb.sector_size); - if (sector_size < 256 || sector_size > 4096) + if (sector_size < 256 || sector_size > 4096 || !is_power_of_2(sector_size)) return 1; switch (ns->bpb.sectors_per_cluster) { diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 new file mode 100644 index 0000000000..9d10ae3cb0 Binary files /dev/null and b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-62691 differ
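Review bot: the reason for the new `!is_power_of_2(sector_size)` term in the `sector_size` check of `__probe_ntfs()` is recorded only in the commit message, so the code itself gives no hint why the range test alone is insufficient. A one-line comment above the `if` stating that a non-power-of-two sector size produces unaligned offsets into cached read data, which other probers may then consume, would keep the term from being dropped later as redundant with the 256..4096 bounds. The hunk adds no `#include`, so please confirm that the header providing `is_power_of_2()` is already visible in ntfs.c. Since the message describes the unaligned values as reaching other probers through the cache, it is also worth saying in the commit text whether any other prober derives read offsets from an on-disk size field without a similar alignment check, or whether NTFS is the only known case. The reproducer is added as a binary file under tests/ts/fuzzers/test_blkid_fuzz_files/, so its content cannot be reviewed from this diff.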