| |
@@ -0,0 +1,156 @@
|
| |
+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
| |
+ From: Maxim Suhanov <dfirblog@gmail.com>
|
| |
+ Date: Tue, 3 Oct 2023 19:12:28 +0200
|
| |
+ Subject: [PATCH] fs/ntfs: Make code more readable
|
| |
+
|
| |
+ Move some calls used to access NTFS attribute header fields into
|
| |
+ functions with human-readable names.
|
| |
+
|
| |
+ Suggested-by: Daniel Kiper <daniel.kiper@oracle.com>
|
| |
+ Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
|
| |
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
| |
+ ---
|
| |
+ grub-core/fs/ntfs.c | 48 +++++++++++++++++++++++++++++++++---------------
|
| |
+ 1 file changed, 33 insertions(+), 15 deletions(-)
|
| |
+
|
| |
+ diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
|
| |
+ index 32ba8276dd8d..991b1c2094f5 100644
|
| |
+ --- a/grub-core/fs/ntfs.c
|
| |
+ +++ b/grub-core/fs/ntfs.c
|
| |
+ @@ -52,6 +52,24 @@ u64at (void *ptr, grub_size_t ofs)
|
| |
+ return grub_le_to_cpu64 (grub_get_unaligned64 ((char *) ptr + ofs));
|
| |
+ }
|
| |
+
|
| |
+ +static grub_uint16_t
|
| |
+ +first_attr_off (void *mft_buf_ptr)
|
| |
+ +{
|
| |
+ + return u16at (mft_buf_ptr, 0x14);
|
| |
+ +}
|
| |
+ +
|
| |
+ +static grub_uint16_t
|
| |
+ +res_attr_data_off (void *res_attr_ptr)
|
| |
+ +{
|
| |
+ + return u16at (res_attr_ptr, 0x14);
|
| |
+ +}
|
| |
+ +
|
| |
+ +static grub_uint32_t
|
| |
+ +res_attr_data_len (void *res_attr_ptr)
|
| |
+ +{
|
| |
+ + return u32at (res_attr_ptr, 0x10);
|
| |
+ +}
|
| |
+ +
|
| |
+ grub_ntfscomp_func_t grub_ntfscomp_func;
|
| |
+
|
| |
+ static grub_err_t
|
| |
+ @@ -106,7 +124,7 @@ init_attr (struct grub_ntfs_attr *at, struct grub_ntfs_file *mft)
|
| |
+ {
|
| |
+ at->mft = mft;
|
| |
+ at->flags = (mft == &mft->data->mmft) ? GRUB_NTFS_AF_MMFT : 0;
|
| |
+ - at->attr_nxt = mft->buf + u16at (mft->buf, 0x14);
|
| |
+ + at->attr_nxt = mft->buf + first_attr_off (mft->buf);
|
| |
+ at->attr_end = at->emft_buf = at->edat_buf = at->sbuf = NULL;
|
| |
+ }
|
| |
+
|
| |
+ @@ -154,7 +172,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
| |
+ return NULL;
|
| |
+ }
|
| |
+
|
| |
+ - new_pos = &at->emft_buf[u16at (at->emft_buf, 0x14)];
|
| |
+ + new_pos = &at->emft_buf[first_attr_off (at->emft_buf)];
|
| |
+ while (*new_pos != 0xFF)
|
| |
+ {
|
| |
+ if ((*new_pos == *at->attr_cur)
|
| |
+ @@ -213,7 +231,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
|
| |
+ }
|
| |
+ else
|
| |
+ {
|
| |
+ - at->attr_nxt = at->attr_end + u16at (pa, 0x14);
|
| |
+ + at->attr_nxt = at->attr_end + res_attr_data_off (pa);
|
| |
+ at->attr_end = at->attr_end + u32at (pa, 4);
|
| |
+ pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
|
| |
+ }
|
| |
+ @@ -399,20 +417,20 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
|
| |
+
|
| |
+ if (pa[8] == 0)
|
| |
+ {
|
| |
+ - if (ofs + len > u32at (pa, 0x10))
|
| |
+ + if (ofs + len > res_attr_data_len (pa))
|
| |
+ return grub_error (GRUB_ERR_BAD_FS, "read out of range");
|
| |
+
|
| |
+ - if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
| |
+ + if (res_attr_data_len (pa) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
| |
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
|
| |
+
|
| |
+ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
|
| |
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
|
| |
+
|
| |
+ - if (u16at (pa, 0x14) + u32at (pa, 0x10) >
|
| |
+ + if (res_attr_data_off (pa) + res_attr_data_len (pa) >
|
| |
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
|
| |
+ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
|
| |
+
|
| |
+ - grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
|
| |
+ + grub_memcpy (dest, pa + res_attr_data_off (pa) + ofs, len);
|
| |
+ return 0;
|
| |
+ }
|
| |
+
|
| |
+ @@ -556,7 +574,7 @@ init_file (struct grub_ntfs_file *mft, grub_uint64_t mftno)
|
| |
+ (unsigned long long) mftno);
|
| |
+
|
| |
+ if (!pa[8])
|
| |
+ - mft->size = u32at (pa, 0x10);
|
| |
+ + mft->size = res_attr_data_len (pa);
|
| |
+ else
|
| |
+ mft->size = u64at (pa, 0x30);
|
| |
+
|
| |
+ @@ -801,7 +819,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
| |
+ (u32at (cur_pos, 0x18) != 0x490024) ||
|
| |
+ (u32at (cur_pos, 0x1C) != 0x300033))
|
| |
+ continue;
|
| |
+ - cur_pos += u16at (cur_pos, 0x14);
|
| |
+ + cur_pos += res_attr_data_off (cur_pos);
|
| |
+ if (*cur_pos != 0x30) /* Not filename index */
|
| |
+ continue;
|
| |
+ break;
|
| |
+ @@ -830,7 +848,7 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
| |
+ {
|
| |
+ int is_resident = (cur_pos[8] == 0);
|
| |
+
|
| |
+ - bitmap_len = ((is_resident) ? u32at (cur_pos, 0x10) :
|
| |
+ + bitmap_len = ((is_resident) ? res_attr_data_len (cur_pos) :
|
| |
+ u32at (cur_pos, 0x28));
|
| |
+
|
| |
+ bmp = grub_malloc (bitmap_len);
|
| |
+ @@ -851,14 +869,14 @@ grub_ntfs_iterate_dir (grub_fshelp_node_t dir,
|
| |
+ goto done;
|
| |
+ }
|
| |
+
|
| |
+ - if (u16at (cur_pos, 0x14) + u32at (cur_pos, 0x10) >
|
| |
+ + if (res_attr_data_off (cur_pos) + res_attr_data_len (cur_pos) >
|
| |
+ (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) cur_pos)
|
| |
+ {
|
| |
+ grub_error (GRUB_ERR_BAD_FS, "resident bitmap out of range");
|
| |
+ goto done;
|
| |
+ }
|
| |
+
|
| |
+ - grub_memcpy (bmp, cur_pos + u16at (cur_pos, 0x14),
|
| |
+ + grub_memcpy (bmp, cur_pos + res_attr_data_off (cur_pos),
|
| |
+ bitmap_len);
|
| |
+ }
|
| |
+ else
|
| |
+ @@ -1222,12 +1240,12 @@ grub_ntfs_label (grub_device_t device, char **label)
|
| |
+ goto fail;
|
| |
+ }
|
| |
+
|
| |
+ - if ((pa) && (pa[8] == 0) && (u32at (pa, 0x10)))
|
| |
+ + if ((pa) && (pa[8] == 0) && (res_attr_data_len (pa)))
|
| |
+ {
|
| |
+ int len;
|
| |
+
|
| |
+ - len = u32at (pa, 0x10) / 2;
|
| |
+ - pa += u16at (pa, 0x14);
|
| |
+ + len = res_attr_data_len (pa) / 2;
|
| |
+ + pa += res_attr_data_off (pa);
|
| |
+ if (mft->buf + (mft->data->mft_size << GRUB_NTFS_BLK_SHR) - pa >= 2 * len)
|
| |
+ *label = get_utf8 (pa, len);
|
| |
+ else
|
| |
(CVE-2023-4692)
(CVE-2023-4693)
Resolves: #2236613
Resolves: #2241978
Signed-off-by: Nicolas Frayer nfrayer@redhat.com