From mboxrd@z Thu Jan  1 00:00:00 1970
From: Christoph Hellwig <hch@lst.de>
Subject: hfsplus: validate btree flags
Date: Tue, 12 Oct 2010 15:57:50 +0200
Message-ID: <20101012135750.GE26867@lst.de>
References: <20101012135634.GA26867@lst.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
To: linux-fsdevel@vger.kernel.org
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from verein.lst.de ([213.95.11.210]:51596 "EHLO verein.lst.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932492Ab0JLN5v (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 12 Oct 2010 09:57:51 -0400
Received: from verein.lst.de (localhost [127.0.0.1])
	by verein.lst.de (8.12.3/8.12.3/Debian-7.1) with ESMTP id o9CDvo88027045
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <linux-fsdevel@vger.kernel.org>; Tue, 12 Oct 2010 15:57:50 +0200
Received: (from hch@localhost)
	by verein.lst.de (8.12.3/8.12.3/Debian-7.2) id o9CDvoJn027044
	for linux-fsdevel@vger.kernel.org; Tue, 12 Oct 2010 15:57:50 +0200
Content-Disposition: inline
In-Reply-To: <20101012135634.GA26867@lst.de>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>


Signed-off-by: Christoph Hellwig <hch@tuxera.com>


Index: linux-2.6/fs/hfsplus/brec.c
===================================================================
--- linux-2.6.orig/fs/hfsplus/brec.c	2010-10-06 10:35:32.715254345 +0200
+++ linux-2.6/fs/hfsplus/brec.c	2010-10-06 10:36:33.964279909 +0200
@@ -42,20 +42,12 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
 		recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec + 1) * 2);
 		if (!recoff)
 			return 0;
-		if (node->tree->attributes & HFS_TREE_BIGKEYS) {
-			retval = hfs_bnode_read_u16(node, recoff) + 2;
-			if (retval > node->tree->max_key_len + 2) {
-				printk(KERN_ERR "hfs: keylen %d too large\n",
-					retval);
-				retval = 0;
-			}
-		} else {
-			retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
-			if (retval > node->tree->max_key_len + 1) {
-				printk(KERN_ERR "hfs: keylen %d too large\n",
-					retval);
-				retval = 0;
-			}
+
+		retval = hfs_bnode_read_u16(node, recoff) + 2;
+		if (retval > node->tree->max_key_len + 2) {
+			printk(KERN_ERR "hfs: keylen %d too large\n",
+				retval);
+			retval = 0;
 		}
 	}
 	return retval;
Index: linux-2.6/fs/hfsplus/btree.c
===================================================================
--- linux-2.6.orig/fs/hfsplus/btree.c	2010-10-06 10:36:04.657254064 +0200
+++ linux-2.6/fs/hfsplus/btree.c	2010-10-06 10:36:12.256253995 +0200
@@ -71,6 +71,11 @@ struct hfs_btree *hfs_btree_open(struct
 				tree->max_key_len);
 			goto fail_page;
 		}
+	   	if (tree->attributes & HFS_TREE_VARIDXKEYS) {
+			printk(KERN_ERR "hfs: invalid extent btree flag\n");
+			goto fail_page;
+		}
+
 		tree->keycmp = hfsplus_ext_cmp_key;
 		break;
 	case HFSPLUS_CAT_CNID:
@@ -79,6 +84,10 @@ struct hfs_btree *hfs_btree_open(struct
 				tree->max_key_len);
 			goto fail_page;
 		}
+	   	if (!(tree->attributes & HFS_TREE_VARIDXKEYS)) {
+			printk(KERN_ERR "hfs: invalid catalog btree flag\n");
+			goto fail_page;
+		}
 
 		if (test_bit(HFSPLUS_SB_HFSX, &HFSPLUS_SB(sb)->flags) &&
 		    (head->key_type == HFSPLUS_KEY_BINARY))
@@ -93,6 +102,11 @@ struct hfs_btree *hfs_btree_open(struct
 		goto fail_page;
 	}
 
+	if (!(tree->attributes & HFS_TREE_BIGKEYS)) {
+		printk(KERN_ERR "hfs: invalid btree flag\n");
+		goto fail_page;
+	}
+
 	size = tree->node_size;
 	if (!is_power_of_2(size))
 		goto fail_page;