authorChristophe Grenier <grenier@cgsecurity.org>2014-07-26 22:50:16 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2014-07-26 22:50:16 +0200
commit20942518d5b53680ce461c46a7edb3b2ecbdc38f (patch)
treed78d5160270d1c06c46cb1f7249e7e992f9d0c3d
parent132fba09962b72a9a86739b968faaa53f140150d (diff)
Fix potential integer overflow
-rw-r--r--src/exfat_dir.c2
-rw-r--r--src/fat_cluster.c2
-rw-r--r--src/fat_dir.c6
-rw-r--r--src/fatp.c6
4 files changed, 10 insertions, 6 deletions
diff --git a/src/exfat_dir.c b/src/exfat_dir.c
index b57b318..4a3627a 100644
--- a/src/exfat_dir.c
+++ b/src/exfat_dir.c
@@ -239,7 +239,7 @@ static int exfat_dir(disk_t *disk, const partition_t *partition, dir_data_t *dir
nbr_cluster=0;
while(!is_EOC(cluster) && cluster>=2 && nbr_cluster<NBR_CLUSTER_MAX && stop==0)
{
- if(exfat_read_cluster(disk, partition, exfat_header, buffer_dir + (uint64_t) (nbr_cluster<< cluster_shift), cluster) != (1<<cluster_shift))
+ if(exfat_read_cluster(disk, partition, exfat_header, buffer_dir + ((uint64_t) nbr_cluster << cluster_shift), cluster) != (1<<cluster_shift))
{
log_error("exFAT: Can't read directory cluster.\n");
stop=1;
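Review bot: The comparison on the changed line still shifts an int on its right-hand side, `(1<<cluster_shift)`, so the widening applied to the buffer offset does not extend to the other shift on the same line; a cluster_shift of 31 or more would be undefined behaviour there, which is presumably unreachable for valid exFAT cluster sizes but depends on how cluster_shift is derived outside this hunk. A short comment would keep the reason for the cast order from being lost in a later edit: `/* widen nbr_cluster before shifting: the byte offset can exceed 32 bits */`. The body of exfat_dir continues outside the hunk.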
diff --git a/src/fat_cluster.c b/src/fat_cluster.c
index f735f2d..2d9d387 100644
--- a/src/fat_cluster.c
+++ b/src/fat_cluster.c
@@ -60,7 +60,7 @@ int find_sectors_per_cluster(disk_t *disk_car, partition_t *partition, const int
}
#endif
/* 2 fats, maximum cluster size=128 */
- skip_offset=(uint64_t)((partition->part_size-32*disk_car->sector_size)/disk_car->sector_size/128*1.5/disk_car->sector_size*2)*disk_car->sector_size;
+ skip_offset=(uint64_t)((partition->part_size-32*disk_car->sector_size)/disk_car->sector_size/128*3/2/disk_car->sector_size*2)*disk_car->sector_size;
if(verbose>0)
{
log_verbose("find_sectors_per_cluster skip_sectors=%lu (skip_offset=%lu)\n",
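Review bot: The integer rewrite leaves `partition->part_size-32*disk_car->sector_size` unguarded, so a partition smaller than 32 sectors wraps the subtraction to a very large value and skip_offset is meaningless (assuming part_size is an unsigned 64-bit quantity, as the surrounding `(uint64_t)` cast suggests). A guard before the computation, `if(partition->part_size < (uint64_t)32*disk_car->sector_size) return <failure value expected by callers>;`, keeps the arithmetic in range; the right failure value is defined by the function's contract, which starts outside this hunk. Also note that `/128*3/2` floors where `*1.5` previously carried a fractional part through the later division, so skip_offset can differ by one sector-size step from the old value; if that is acceptable for a heuristic, say so with `/* integer form of *1.5; truncation is fine for a skip estimate */`.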
diff --git a/src/fat_dir.c b/src/fat_dir.c
index faa739e..99842d2 100644
--- a/src/fat_dir.c
+++ b/src/fat_dir.c
@@ -340,6 +340,10 @@ static int fat_dir(disk_t *disk_car, const partition_t *partition, dir_data_t *d
}
cluster=le32(fat_header->root_cluster);
}
+ if(get_next_cluster(disk_car, partition, partition->upart_type, le16(fat_header->reserved), cluster)==0)
+ {
+ return 0;
+ }
{
const unsigned int cluster_size=fat_header->sectors_per_cluster * fat_sector_size(fat_header);
unsigned char *buffer_dir=(unsigned char *)MALLOC(cluster_size*NBR_CLUSTER_MAX);
@@ -357,7 +361,7 @@ static int fat_dir(disk_t *disk_car, const partition_t *partition, dir_data_t *d
nbr_cluster=0;
while(!is_EOC(cluster, partition->upart_type) && cluster>=2 && nbr_cluster<NBR_CLUSTER_MAX && stop==0)
{
- uint64_t start=partition->part_offset+(uint64_t)(start_data+(cluster-2)*fat_header->sectors_per_cluster)*fat_sector_size(fat_header);
+ const uint64_t start=partition->part_offset+(uint64_t)(start_data+(cluster-2)*fat_header->sectors_per_cluster)*fat_sector_size(fat_header);
// if(dir_data->verbose>0)
{
log_info("FAT: cluster=%u(0x%x), pos=%lu\n",cluster,cluster,(long unsigned)(start/fat_sector_size(fat_header)));
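Review bot: In the second hunk the `(uint64_t)` cast still wraps the whole sum, so `(cluster-2)*fat_header->sectors_per_cluster` is multiplied at the width of cluster — 32 bits, judging by the `%u` used to log it on the following line — before the widening takes effect, and adding `const` does nothing for the overflow the commit title names; a FAT32 cluster number near 2^28 with 128 sectors per cluster already exceeds 32 bits. Widen the first factor instead: `const uint64_t start=partition->part_offset+((uint64_t)start_data+(uint64_t)(cluster-2)*fat_header->sectors_per_cluster)*fat_sector_size(fat_header);`. The early `return 0` added in the first hunk also returns silently; a log line before it would make the free-root-cluster case visible when tracing, consistent with the log_info already used in this function. fat_dir's body extends beyond both hunks.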
diff --git a/src/fatp.c b/src/fatp.c
index 64421fe..af33ec3 100644
--- a/src/fatp.c
+++ b/src/fatp.c
@@ -50,7 +50,7 @@ static void fat12_remove_used_space(disk_t *disk,const partition_t *partition, a
log_trace("fat12_remove_used_space\n");
buffer=(unsigned char *)MALLOC(2*sector_size);
del_search_space(list_search_space, partition->part_offset,
- partition->part_offset+(uint64_t)(start_data*sector_size)-1);
+ partition->part_offset + (uint64_t)start_data * sector_size - 1);
for(cluster=2; cluster<=no_of_cluster+1; cluster++)
{
unsigned long int offset_s,offset_o;
@@ -100,7 +100,7 @@ static void fat16_remove_used_space(disk_t *disk_car,const partition_t *partitio
buffer=(unsigned char *)MALLOC(sector_size);
p16=(const uint16_t*)buffer;
del_search_space(list_search_space, partition->part_offset,
- partition->part_offset+(uint64_t)(start_data*sector_size)-1);
+ partition->part_offset + (uint64_t)start_data * sector_size - 1);
for(prev_cluster=2;prev_cluster<=no_of_cluster+1;prev_cluster++)
{
unsigned int offset_o;
@@ -144,7 +144,7 @@ static void fat32_remove_used_space(disk_t *disk_car,const partition_t *partitio
buffer=(unsigned char *)MALLOC(sector_size);
p32=(uint32_t*)buffer;
del_search_space(list_search_space, partition->part_offset,
- partition->part_offset+(uint64_t)(start_data*sector_size)-1);
+ partition->part_offset + (uint64_t)start_data * sector_size - 1);
for(prev_cluster=2;prev_cluster<=no_of_cluster+1;prev_cluster++)
{
unsigned long int cluster;
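Review bot: The three hunks introduce the identical expression `partition->part_offset + (uint64_t)start_data * sector_size - 1` three times, and in a spaced style (`a + b * c`) that differs from the surrounding file's compact form (`for(cluster=2; ...`, `offset_s,offset_o`). Either match the local spacing or, better, move the widened computation into one static helper taking the partition, start_data and sector_size (their declared types are outside these hunks) so the "cast before multiply" rule lives in a single place rather than being re-applied per FAT variant. Whichever form is kept, a one-line comment at the first use, `/* widen start_data before the multiply so the byte offset cannot wrap at 32 bits */`, records why the cast moved. The three *_remove_used_space functions continue outside their hunks.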