1 /*
2 * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * hfs_endian.c
31 *
32 * This file implements endian swapping routines for the HFS/HFS Plus
33 * volume format.
34 */
35
36 #include "hfs_endian.h"
37 #include "hfs_dbg.h"
38 #include "BTreesPrivate.h"
39
40 #undef ENDIAN_DEBUG
41
42 /*
43 * Internal swapping routines
44 *
45 * These routines handle swapping the records of leaf and index nodes. The
46 * layout of the keys and records varies depending on the kind of B-tree
47 * (determined by fileID).
48 *
49 * The direction parameter must be kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
50 * The kSwapBTNodeHeaderRecordOnly "direction" is not valid for these routines.
51 */
52 int hfs_swap_HFSPlusBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
53 void hfs_swap_HFSPlusForkData (HFSPlusForkData *src);
54
55 #if CONFIG_HFS_STD
56 int hfs_swap_HFSBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
57 #endif
58
/*
 * hfs_swap_HFSPlusForkData
 *
 * Byte-swap, in place, every multi-byte field of one HFS Plus fork data
 * record: logicalSize (64-bit), clumpSize and totalBlocks (32-bit), and
 * the startBlock/blockCount pair of each of the kHFSPlusExtentDensity
 * extent descriptors.
 *
 * The routine takes no direction argument; the callers in this file use
 * it for both swap directions.
 *
 * No bounds checking is done here.  The callers in this file verify that
 * the enclosing record fits inside the node before passing a pointer in.
 */
void
hfs_swap_HFSPlusForkData (
    HFSPlusForkData *src
)
{
    int extentIndex = 0;

    /* Each extent descriptor is swapped independently of the others. */
    while (extentIndex < kHFSPlusExtentDensity) {
        src->extents[extentIndex].startBlock = SWAP_BE32 (src->extents[extentIndex].startBlock);
        src->extents[extentIndex].blockCount = SWAP_BE32 (src->extents[extentIndex].blockCount);
        extentIndex++;
    }

    /* Scalar fields of the fork itself. */
    src->totalBlocks = SWAP_BE32 (src->totalBlocks);
    src->clumpSize = SWAP_BE32 (src->clumpSize);
    src->logicalSize = SWAP_BE64 (src->logicalSize);
}
79
/*
 * hfs_swap_BTNode
 *
 * Swap one B-tree node in place between big-endian (on-disk) and host
 * byte order, sanity checking the node descriptor and the record offset
 * table along the way.
 *
 * Parameters:
 *   src               Block descriptor for the node; buffer, blockSize and
 *                     blockNum are read from it.
 *   vp                Vnode of the B-tree file; used to reach the B-tree
 *                     control block, the volume signature and the file ID.
 *   direction         kSwapBTNodeBigToHost, kSwapBTNodeHostToBig or
 *                     kSwapBTNodeHeaderRecordOnly.
 *   allow_empty_node  When false, a record offset of zero is rejected.
 *
 * Returns 0 on success, fsBTInvalidHeaderErr when a descriptor or offset
 * check fails, or whatever error the record swapping routine returned.
 *
 * NOTE: This operation is not naturally symmetric.
 * We have to determine which way we're swapping things.
 *
 * Big-to-host: the descriptor and offsets are swapped and checked BEFORE
 * the records are touched, and a failed check is logged and returned as an
 * error.  Host-to-big: the records are swapped first, then the descriptor
 * and offsets are checked and swapped, and a failed check panics.
 *
 * A failing big-to-host swap does not undo the fields it has already
 * converted, so on error the buffer is left partly in host order and
 * partly in big-endian order.  Every error exit goes through the fail
 * label, which logs the node location and marks the volume inconsistent.
 */
int
hfs_swap_BTNode (
    BlockDescriptor *src,
    vnode_t vp,
    enum HFSBTSwapDirection direction,
    u_int8_t allow_empty_node
)
{
    BTNodeDescriptor *srcDesc = src->buffer;
    u_int16_t *srcOffs = NULL;
    /* totalNodes from the control block is the upper bound for the link checks. */
    BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr;
    u_int16_t i; /* index to match srcDesc->numRecords */
    int error = 0;

#ifdef ENDIAN_DEBUG
    if (direction == kSwapBTNodeBigToHost) {
        printf ("hfs: BE -> Native Swap\n");
    } else if (direction == kSwapBTNodeHostToBig) {
        printf ("hfs: Native -> BE Swap\n");
    } else if (direction == kSwapBTNodeHeaderRecordOnly) {
        printf ("hfs: Not swapping descriptors\n");
    } else {
        panic ("hfs_swap_BTNode: This is impossible");
    }
#endif

    /*
     * If we are doing a swap from on-disk to in-memory, then swap the node
     * descriptor and record offsets before we need to use them.
     *
     * For kSwapBTNodeHeaderRecordOnly neither this block nor the
     * host-to-big block below runs, so none of the descriptor or offset
     * checks are applied and srcDesc->kind is used as found.
     */
    if (direction == kSwapBTNodeBigToHost) {
        srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
        srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);

        /*
         * When first opening a BTree, we have to read the header node before the
         * control block is initialized. In this case, totalNodes will be zero,
         * so skip the bounds checking. Also, we should ignore the header node when
         * checking for invalid forwards and backwards links, since the header node's
         * links can point back to itself legitimately.
         */
        if (btcb->totalNodes != 0) {
            if (srcDesc->fLink >= btcb->totalNodes) {
                hfs_corruption_debug("hfs_swap_BTNode: invalid forward link (0x%08x >= 0x%08x)\n", srcDesc->fLink, btcb->totalNodes);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }
            if (srcDesc->bLink >= btcb->totalNodes) {
                hfs_corruption_debug("hfs_swap_BTNode: invalid backward link (0x%08x >= 0x%08x)\n", srcDesc->bLink, btcb->totalNodes);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            /* A node other than node 0 must not link to itself in either direction. */
            if ((src->blockNum != 0) && (srcDesc->fLink == (u_int32_t) src->blockNum)) {
                hfs_corruption_debug("hfs_swap_BTNode: invalid forward link (0x%08x == 0x%08x)\n", srcDesc->fLink, (u_int32_t) src->blockNum);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }
            if ((src->blockNum != 0) && (srcDesc->bLink == (u_int32_t) src->blockNum)) {
                hfs_corruption_debug("hfs_swap_BTNode: invalid backward link (0x%08x == 0x%08x)\n", srcDesc->bLink, (u_int32_t) src->blockNum);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }


        }

        /*
         * Check srcDesc->kind. Don't swap it because it's only one byte.
         */
        if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
            printf("hfs_swap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Check srcDesc->height. Don't swap it because it's only one byte.
         */
        if (srcDesc->height > kMaxTreeDepth) {
            printf("hfs_swap_BTNode: invalid node height (%d)\n", srcDesc->height);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /* Don't swap srcDesc->reserved */

        srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);

        /*
         * Swap the node offsets (including the free space one!).
         *
         * The table is the last (numRecords + 1) two-byte entries of the
         * node, so srcOffs[numRecords] is the final entry in the buffer.
         *
         * NOTE(review): numRecords is a 16-bit value taken from the node, so
         * (numRecords + 1) * 2 can be larger than blockSize.  The range test
         * below then depends on how the subtraction and the pointer addition
         * behave in that case -- confirm against the type of blockSize.
         */
        srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t))));

        /*
         * Sanity check that the record offsets are within the node itself.
         */
        if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
            (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
            printf("hfs_swap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Swap and sanity check each of the record offsets.
         */
        for (i = 0; i <= srcDesc->numRecords; i++) {
            srcOffs[i] = SWAP_BE16 (srcOffs[i]);

            /*
             * Sanity check: must be even, and within the node itself.
             *
             * We may be called to swap an unused node, which contains all zeroes.
             * Unused nodes are expected only when allow_empty_node is true.
             * If it is false and record offset is zero, return error.
             *
             * The upper bound is the start of the offset table, so no
             * offset may point into the table itself.
             *
             * NOTE(review): the record number printed here is
             * numRecords-i-1, which is -1 on the last iteration
             * (i == numRecords) -- looks off by one for this table; confirm.
             */
            if ((srcOffs[i] & 1) || (
                (allow_empty_node == false) && (srcOffs[i] == 0)) ||
                (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) ||
                (srcOffs[i] > (src->blockSize - 2 * (srcDesc->numRecords + 1)))) {
                printf("hfs_swap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            /*
             * Make sure the offsets are strictly increasing. Note that we're looping over
             * them backwards, hence the order in the comparison.
             */
            if ((i != 0) && (srcOffs[i] >= srcOffs[i-1])) {
                printf("hfs_swap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
                    srcDesc->numRecords-i-1, srcDesc->numRecords-i, srcOffs[i], srcOffs[i-1]);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }
        }
    }

    /*
     * Swap the records (ordered by frequency of access)
     *
     * At this point the descriptor and offsets are in host order for both
     * directions: just converted for big-to-host, not yet converted for
     * host-to-big.  In the host-to-big case they have not been checked by
     * this call yet; those checks follow the record swap.
     */
    if ((srcDesc->kind == kBTIndexNode) ||
        (srcDesc-> kind == kBTLeafNode)) {

        /*
         * When CONFIG_HFS_STD is not defined there is no else branch: a
         * signature other than kHFSPlusSigWord leaves the records
         * unswapped with error still 0.
         */
        if (VTOVCB(vp)->vcbSigWord == kHFSPlusSigWord) {
            error = hfs_swap_HFSPlusBTInternalNode (src, VTOC(vp)->c_fileid, direction);
        }
#if CONFIG_HFS_STD
        else {
            error = hfs_swap_HFSBTInternalNode (src, VTOC(vp)->c_fileid, direction);
        }
#endif

        if (error) goto fail;

    } else if (srcDesc-> kind == kBTMapNode) {
        /* Don't swap the bitmaps, they'll be done in the bitmap routines */

    } else if (srcDesc-> kind == kBTHeaderNode) {
        /*
         * The header's offset is hard-wired because we cannot trust the offset pointers.
         *
         * NOTE(review): nothing in this function checks that blockSize can
         * hold a BTNodeDescriptor followed by a BTHeaderRec before these
         * fields are rewritten -- presumably guaranteed by the caller; confirm.
         */
        BTHeaderRec *srcHead = (BTHeaderRec *)((char *)src->buffer + sizeof(BTNodeDescriptor));

        srcHead->treeDepth = SWAP_BE16 (srcHead->treeDepth);

        srcHead->rootNode = SWAP_BE32 (srcHead->rootNode);
        srcHead->leafRecords = SWAP_BE32 (srcHead->leafRecords);
        srcHead->firstLeafNode = SWAP_BE32 (srcHead->firstLeafNode);
        srcHead->lastLeafNode = SWAP_BE32 (srcHead->lastLeafNode);

        srcHead->nodeSize = SWAP_BE16 (srcHead->nodeSize);
        srcHead->maxKeyLength = SWAP_BE16 (srcHead->maxKeyLength);

        srcHead->totalNodes = SWAP_BE32 (srcHead->totalNodes);
        srcHead->freeNodes = SWAP_BE32 (srcHead->freeNodes);

        srcHead->clumpSize = SWAP_BE32 (srcHead->clumpSize);
        srcHead->attributes = SWAP_BE32 (srcHead->attributes);

        /* Don't swap srcHead->reserved1 */
        /* Don't swap srcHead->btreeType; it's only one byte */
        /* Don't swap srcHead->reserved2 */
        /* Don't swap srcHead->reserved3 */
        /* Don't swap bitmap */
    }

    /*
     * If we are doing a swap from in-memory to on-disk, then swap the node
     * descriptor and record offsets after we're done using them.
     *
     * Every failed check in this block calls panic(); the error assignment
     * and goto that follow each panic() mirror the big-to-host path.
     */
    if (direction == kSwapBTNodeHostToBig) {
        /*
         * Sanity check and swap the forward and backward links.
         * Ignore the header node since its forward and backwards links can legitimately
         * point to itself.
         *
         * Unlike the big-to-host path, the totalNodes bound is applied here
         * without first testing totalNodes for zero.
         */
        if (srcDesc->fLink >= btcb->totalNodes) {
            panic("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }
        if ((src->blockNum != 0) && (srcDesc->fLink == (u_int32_t) src->blockNum)) {
            panic ("hfs_UNswap_BTNode: invalid forward link (0x%08x == 0x%08x)\n",
                srcDesc->fLink, (u_int32_t) src->blockNum);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        if (srcDesc->bLink >= btcb->totalNodes) {
            panic("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }
        if ((src->blockNum != 0) && (srcDesc->bLink == (u_int32_t) src->blockNum)) {
            panic ("hfs_UNswap_BTNode: invalid backward link (0x%08x == 0x%08x)\n",
                srcDesc->bLink, (u_int32_t) src->blockNum);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }


        srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
        srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);

        /*
         * Check srcDesc->kind. Don't swap it because it's only one byte.
         */
        if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
            panic("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Check srcDesc->height. Don't swap it because it's only one byte.
         */
        if (srcDesc->height > kMaxTreeDepth) {
            panic("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /* Don't swap srcDesc->reserved */

        /*
         * Swap the node offsets (including the free space one!).
         *
         * numRecords is still in host order here; it is swapped last, after
         * the loop that uses it as its bound.
         */
        srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t))));

        /*
         * Sanity check that the record offsets are within the node itself.
         */
        if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
            (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
            panic("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Swap and sanity check each of the record offsets.
         */
        for (i = 0; i <= srcDesc->numRecords; i++) {
            /*
             * Sanity check: must be even, and within the node itself.
             *
             * We may be called to swap an unused node, which contains all zeroes.
             * This can happen when the last record from a node gets deleted.
             * This is why we allow the record offset to be zero.
             * Unused nodes are expected only when allow_empty_node is true
             * (the caller should set it to true for kSwapBTNodeBigToHost).
             */
            if ((srcOffs[i] & 1) ||
                ((allow_empty_node == false) && (srcOffs[i] == 0)) ||
                (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) ||
                (srcOffs[i] > (src->blockSize - 2 * (srcDesc->numRecords + 1)))) {
                panic("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            /*
             * Make sure the offsets are strictly increasing. Note that we're looping over
             * them backwards, hence the order in the comparison.
             *
             * The comparison looks ahead to srcOffs[i+1] rather than back to
             * srcOffs[i-1] because entries below i have already been
             * converted to big-endian by the swap at the end of the loop body.
             */
            if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) {
                panic("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
                    srcDesc->numRecords-i-2, srcDesc->numRecords-i-1, srcOffs[i+1], srcOffs[i]);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            srcOffs[i] = SWAP_BE16 (srcOffs[i]);
        }

        srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
    }

fail:
    /* Reached on success as well; the reporting below runs only when error is set. */
    if (error) {
        /*
         * Log some useful information about where the corrupt node is.
         */
        printf("hfs: node=%lld fileID=%u volume=%s device=%s\n", src->blockNum, VTOC(vp)->c_fileid,
            VTOVCB(vp)->vcbVN, vfs_statfs(vnode_mount(vp))->f_mntfromname);
        hfs_mark_inconsistent(VTOVCB(vp), HFS_INCONSISTENCY_DETECTED);
    }

    return (error);
}
396
397 int
398 hfs_swap_HFSPlusBTInternalNode (
399 BlockDescriptor *src,
400 HFSCatalogNodeID fileID,
401 enum HFSBTSwapDirection direction
402 )
403 {
404 BTNodeDescriptor *srcDesc = src->buffer;
405 u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t))));
406 char *nextRecord; /* Points to start of record following current one */
407
408 /*
409 * i is an int32 because it needs to be negative to index the offset to free space.
410 * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit so this should be ok.
411 */
412
413 int32_t i;
414 u_int32_t j;
415
416 if (fileID == kHFSExtentsFileID) {
417 HFSPlusExtentKey *srcKey;
418 HFSPlusExtentDescriptor *srcRec;
419 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
420
421 if (srcDesc->kind == kBTIndexNode)
422 recordSize = sizeof(u_int32_t);
423 else
424 recordSize = sizeof(HFSPlusExtentDescriptor);
425
426 for (i = 0; i < srcDesc->numRecords; i++) {
427 /* Point to the start of the record we're currently checking. */
428 srcKey = (HFSPlusExtentKey *)((char *)src->buffer + srcOffs[i]);
429
430 /*
431 * Point to start of next (larger offset) record. We'll use this
432 * to be sure the current record doesn't overflow into the next
433 * record.
434 */
435 nextRecord = (char *)src->buffer + srcOffs[i-1];
436
437 /*
438 * Make sure the key and data are within the buffer. Since both key
439 * and data are fixed size, this is relatively easy. Note that this
440 * relies on the keyLength being a constant; we verify the keyLength
441 * below.
442 */
443 if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {
444 if (direction == kSwapBTNodeHostToBig) {
445 panic("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
446 } else {
447 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
448 }
449 return fsBTInvalidNodeErr;
450 }
451
452 if (direction == kSwapBTNodeBigToHost)
453 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
454 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
455 if (direction == kSwapBTNodeHostToBig) {
456 panic("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
457 } else {
458 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
459 }
460 return fsBTInvalidNodeErr;
461 }
462 srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
463 if (direction == kSwapBTNodeHostToBig)
464 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
465
466 /* Don't swap srcKey->forkType; it's only one byte */
467 /* Don't swap srcKey->pad */
468
469 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
470 srcKey->startBlock = SWAP_BE32 (srcKey->startBlock);
471
472 if (srcDesc->kind == kBTIndexNode) {
473 /* For index nodes, the record data is just a child node number. */
474 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
475 } else {
476 /* Swap the extent data */
477 for (j = 0; j < kHFSPlusExtentDensity; j++) {
478 srcRec[j].startBlock = SWAP_BE32 (srcRec[j].startBlock);
479 srcRec[j].blockCount = SWAP_BE32 (srcRec[j].blockCount);
480 }
481 }
482 }
483
484 } else if (fileID == kHFSCatalogFileID) {
485 HFSPlusCatalogKey *srcKey;
486 int16_t *srcPtr;
487 u_int16_t keyLength;
488
489 for (i = 0; i < srcDesc->numRecords; i++) {
490 /* Point to the start of the record we're currently checking. */
491 srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);
492
493 /*
494 * Point to start of next (larger offset) record. We'll use this
495 * to be sure the current record doesn't overflow into the next
496 * record.
497 */
498 nextRecord = (char *)src->buffer + (uintptr_t)(srcOffs[i-1]);
499
500 /*
501 * Make sure we can safely dereference the keyLength and parentID fields.
502 */
503 if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) {
504 if (direction == kSwapBTNodeHostToBig) {
505 panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
506 } else {
507 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
508 }
509 return fsBTInvalidNodeErr;
510 }
511
512 /*
513 * Swap and sanity check the key length
514 */
515 if (direction == kSwapBTNodeBigToHost)
516 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
517 keyLength = srcKey->keyLength; /* Put it in a local (native order) because we use it several times */
518 if (direction == kSwapBTNodeHostToBig)
519 srcKey->keyLength = SWAP_BE16 (keyLength);
520
521 /* Sanity check the key length */
522 if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) {
523 if (direction == kSwapBTNodeHostToBig) {
524 panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
525 } else {
526 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
527 }
528 return fsBTInvalidNodeErr;
529 }
530
531 /*
532 * Make sure that we can safely dereference the record's type field or
533 * an index node's child node number.
534 */
535 srcPtr = (int16_t *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
536 if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) {
537 if (direction == kSwapBTNodeHostToBig) {
538 panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
539 } else {
540 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
541 }
542 return fsBTInvalidNodeErr;
543 }
544
545 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
546
547 /*
548 * Swap and sanity check the key's node name
549 */
550 if (direction == kSwapBTNodeBigToHost)
551 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
552 /* Make sure name length is consistent with key length */
553 if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
554 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) {
555 if (direction == kSwapBTNodeHostToBig) {
556 panic("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n",
557 srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
558 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
559 } else {
560 printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n",
561 srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
562 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
563 }
564 return fsBTInvalidNodeErr;
565 }
566 for (j = 0; j < srcKey->nodeName.length; j++) {
567 srcKey->nodeName.unicode[j] = SWAP_BE16 (srcKey->nodeName.unicode[j]);
568 }
569 if (direction == kSwapBTNodeHostToBig)
570 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
571
572 /*
573 * For index nodes, the record data is just the child's node number.
574 * Skip over swapping the various types of catalog record.
575 */
576 if (srcDesc->kind == kBTIndexNode) {
577 *((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr));
578 continue;
579 }
580
581 /* Make sure the recordType is in native order before using it. */
582 if (direction == kSwapBTNodeBigToHost)
583 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
584
585 if (srcPtr[0] == kHFSPlusFolderRecord) {
586 HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr;
587 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
588 if (direction == kSwapBTNodeHostToBig) {
589 panic("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
590 } else {
591 printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
592 }
593 return fsBTInvalidNodeErr;
594 }
595
596 srcRec->flags = SWAP_BE16 (srcRec->flags);
597 srcRec->valence = SWAP_BE32 (srcRec->valence);
598 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
599 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
600 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
601 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
602 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
603 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
604
605 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
606 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
607
608 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
609 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
610
611 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
612 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
613
614 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
615
616 /* Don't swap srcRec->userInfo */
617 /* Don't swap srcRec->finderInfo */
618 srcRec->folderCount = SWAP_BE32 (srcRec->folderCount);
619
620 } else if (srcPtr[0] == kHFSPlusFileRecord) {
621 HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr;
622 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
623 if (direction == kSwapBTNodeHostToBig) {
624 panic("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
625 } else {
626 printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
627 }
628 return fsBTInvalidNodeErr;
629 }
630
631 srcRec->flags = SWAP_BE16 (srcRec->flags);
632
633 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
634
635 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
636 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
637 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
638 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
639 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
640
641 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
642 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
643
644 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
645 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
646
647 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
648 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
649
650 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
651
652 /* If kHFSHasLinkChainBit is set, reserved1 is hl_FirstLinkID.
653 * In all other context, it is expected to be zero.
654 */
655 srcRec->reserved1 = SWAP_BE32 (srcRec->reserved1);
656
657 /* Don't swap srcRec->userInfo */
658 /* Don't swap srcRec->finderInfo */
659 /* Don't swap srcRec->reserved2 */
660
661 hfs_swap_HFSPlusForkData (&srcRec->dataFork);
662 hfs_swap_HFSPlusForkData (&srcRec->resourceFork);
663
664 } else if ((srcPtr[0] == kHFSPlusFolderThreadRecord) ||
665 (srcPtr[0] == kHFSPlusFileThreadRecord)) {
666
667 /*
668 * Make sure there is room for parentID and name length.
669 */
670 HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr;
671 if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) {
672 if (direction == kSwapBTNodeHostToBig) {
673 panic("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
674 } else {
675 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
676 }
677 return fsBTInvalidNodeErr;
678 }
679
680 /* Don't swap srcRec->reserved */
681
682 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
683
684 if (direction == kSwapBTNodeBigToHost)
685 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
686
687 /*
688 * Make sure there is room for the name in the buffer.
689 * Then swap the characters of the name itself.
690 */
691 if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) {
692 if (direction == kSwapBTNodeHostToBig) {
693 panic("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
694 } else {
695 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
696 }
697 return fsBTInvalidNodeErr;
698 }
699 for (j = 0; j < srcRec->nodeName.length; j++) {
700 srcRec->nodeName.unicode[j] = SWAP_BE16 (srcRec->nodeName.unicode[j]);
701 }
702
703 if (direction == kSwapBTNodeHostToBig)
704 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
705
706 } else {
707 if (direction == kSwapBTNodeHostToBig) {
708 panic("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
709 } else {
710 printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
711 }
712 return fsBTInvalidNodeErr;
713 }
714
715 /* We can swap the record type now that we're done using it. */
716 if (direction == kSwapBTNodeHostToBig)
717 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
718 }
719
720 } else if (fileID == kHFSAttributesFileID) {
721 HFSPlusAttrKey *srcKey;
722 HFSPlusAttrRecord *srcRec;
723 u_int16_t keyLength;
724 u_int32_t attrSize = 0;
725
726 for (i = 0; i < srcDesc->numRecords; i++) {
727 /* Point to the start of the record we're currently checking. */
728 srcKey = (HFSPlusAttrKey *)((char *)src->buffer + srcOffs[i]);
729
730 /*
731 * Point to start of next (larger offset) record. We'll use this
732 * to be sure the current record doesn't overflow into the next
733 * record.
734 */
735 nextRecord = (char *)src->buffer + srcOffs[i-1];
736
737 /* Make sure there is room in the buffer for a minimal key */
738 if ((char *) &srcKey->attrName[1] > nextRecord) {
739 if (direction == kSwapBTNodeHostToBig) {
740 panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
741 } else {
742 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
743 }
744 return fsBTInvalidNodeErr;
745 }
746
747 /* Swap the key length field */
748 if (direction == kSwapBTNodeBigToHost)
749 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
750 keyLength = srcKey->keyLength; /* Keep a copy in native order */
751 if (direction == kSwapBTNodeHostToBig)
752 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
753
754 /*
755 * Make sure that we can safely dereference the record's type field or
756 * an index node's child node number.
757 */
758 srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
759 if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) {
760 if (direction == kSwapBTNodeHostToBig) {
761 panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
762 } else {
763 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
764 }
765 return fsBTInvalidNodeErr;
766 }
767
768 srcKey->fileID = SWAP_BE32(srcKey->fileID);
769 srcKey->startBlock = SWAP_BE32(srcKey->startBlock);
770
771 /*
772 * Swap and check the attribute name
773 */
774 if (direction == kSwapBTNodeBigToHost)
775 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
776 /* Sanity check the attribute name length */
777 if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) {
778 if (direction == kSwapBTNodeHostToBig) {
779 panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
780 } else {
781 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
782 }
783 return fsBTInvalidNodeErr;
784 }
785 for (j = 0; j < srcKey->attrNameLen; j++)
786 srcKey->attrName[j] = SWAP_BE16(srcKey->attrName[j]);
787 if (direction == kSwapBTNodeHostToBig)
788 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
789
790 /*
791 * For index nodes, the record data is just the child's node number.
792 * Skip over swapping the various types of attribute record.
793 */
794 if (srcDesc->kind == kBTIndexNode) {
795 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
796 continue;
797 }
798
799 /* Swap the record data */
800 if (direction == kSwapBTNodeBigToHost)
801 srcRec->recordType = SWAP_BE32(srcRec->recordType);
802 switch (srcRec->recordType) {
803 case kHFSPlusAttrInlineData:
804 /* Is there room for the inline data header? */
805 if ((char *) &srcRec->attrData.attrData[0] > nextRecord) {
806 if (direction == kSwapBTNodeHostToBig) {
807 panic("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
808 } else {
809 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
810 }
811 return fsBTInvalidNodeErr;
812 }
813
814 /* We're not swapping the reserved fields */
815
816 /* Swap the attribute size */
817 if (direction == kSwapBTNodeHostToBig)
818 attrSize = srcRec->attrData.attrSize;
819 srcRec->attrData.attrSize = SWAP_BE32(srcRec->attrData.attrSize);
820 if (direction == kSwapBTNodeBigToHost)
821 attrSize = srcRec->attrData.attrSize;
822
823 /* Is there room for the inline attribute data? */
824 if ((char *) &srcRec->attrData.attrData[attrSize] > nextRecord) {
825 if (direction == kSwapBTNodeHostToBig) {
826 panic("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
827 } else {
828 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
829 }
830 return fsBTInvalidNodeErr;
831 }
832
833 /* Not swapping the attribute data itself */
834 break;
835
836 case kHFSPlusAttrForkData:
837 /* Is there room for the fork data record? */
838 if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) {
839 if (direction == kSwapBTNodeHostToBig) {
840 panic("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
841 } else {
842 printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
843 }
844 return fsBTInvalidNodeErr;
845 }
846
847 /* We're not swapping the reserved field */
848
849 hfs_swap_HFSPlusForkData(&srcRec->forkData.theFork);
850 break;
851
852 case kHFSPlusAttrExtents:
853 /* Is there room for an extent record? */
854 if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) {
855 if (direction == kSwapBTNodeHostToBig) {
856 panic("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
857 } else {
858 printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
859 }
860 return fsBTInvalidNodeErr;
861 }
862
863 /* We're not swapping the reserved field */
864
865 for (j = 0; j < kHFSPlusExtentDensity; j++) {
866 srcRec->overflowExtents.extents[j].startBlock =
867 SWAP_BE32(srcRec->overflowExtents.extents[j].startBlock);
868 srcRec->overflowExtents.extents[j].blockCount =
869 SWAP_BE32(srcRec->overflowExtents.extents[j].blockCount);
870 }
871 break;
872 }
873 if (direction == kSwapBTNodeHostToBig)
874 srcRec->recordType = SWAP_BE32(srcRec->recordType);
875 }
876 } else if (fileID > kHFSFirstUserCatalogNodeID) {
877 /* The only B-tree with a non-system CNID that we use is the hotfile B-tree */
878 HotFileKey *srcKey;
879 u_int32_t *srcRec;
880
881 for (i = 0; i < srcDesc->numRecords; i++) {
882 /* Point to the start of the record we're currently checking. */
883 srcKey = (HotFileKey *)((char *)src->buffer + srcOffs[i]);
884
885 /*
886 * Point to start of next (larger offset) record. We'll use this
887 * to be sure the current record doesn't overflow into the next
888 * record.
889 */
890 nextRecord = (char *)src->buffer + srcOffs[i-1];
891
892 /* Make sure there is room for the key (HotFileKey) and data (u_int32_t) */
893 if ((char *)srcKey + sizeof(HotFileKey) + sizeof(u_int32_t) > nextRecord) {
894 if (direction == kSwapBTNodeHostToBig) {
895 panic("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
896 } else {
897 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
898 }
899 return fsBTInvalidNodeErr;
900 }
901
902 /* Swap and sanity check the key length field */
903 if (direction == kSwapBTNodeBigToHost)
904 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
905 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
906 if (direction == kSwapBTNodeHostToBig) {
907 panic("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
908 } else {
909 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
910 }
911 return fsBTInvalidNodeErr;
912 }
913 srcRec = (u_int32_t *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
914 if (direction == kSwapBTNodeHostToBig)
915 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
916
917 /* Don't swap srcKey->forkType */
918 /* Don't swap srcKey->pad */
919
920 srcKey->temperature = SWAP_BE32 (srcKey->temperature);
921 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
922
923 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
924 }
925 } else {
926 panic ("hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID);
927 }
928
929
930 return (0);
931 }
932
933 #if CONFIG_HFS_STD
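/*
 * hfs_swap_HFSBTInternalNode
 *
 * Swap, in place, the keys and records of one HFS (standard) B-tree node
 * held in src->buffer, validating each record's bounds before its fields
 * are touched.
 *
 * src        Block holding the node; src->buffer is read as a
 *            BTNodeDescriptor and src->blockSize locates the record offset
 *            table at the end of the block.
 * fileID     Selects the record layout: kHFSExtentsFileID or
 *            kHFSCatalogFileID.  Any other value panics.
 * direction  kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
 *
 * Returns 0 on success, or fsBTInvalidNodeErr when a record fails a bounds
 * or key length check in the big-to-host direction.  The same failure in
 * the host-to-big direction panics instead of returning.
 *
 * srcDesc->numRecords and the offset table entries are used here as
 * host-order values and are not range checked in this function.
 * NOTE(review): presumably the caller has already swapped them and verified
 * that every offset lies inside the block -- confirm, since every bounds
 * check below is relative to those offsets.
 */
int
hfs_swap_HFSBTInternalNode (
	BlockDescriptor *src,
	HFSCatalogNodeID fileID,
	enum HFSBTSwapDirection direction
)
{
	BTNodeDescriptor *srcDesc = src->buffer;
	u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t))));
	char *nextRecord;	/* Points to start of record following current one */

	/*
	 * i is an int32 because i-1 needs to be negative (at i == 0) to index
	 * the offset to free space, which sits just before srcOffs[0].
	 * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit
	 * so this should be ok.
	 */
	int32_t i;
	u_int32_t j;

	if (fileID == kHFSExtentsFileID) {
		HFSExtentKey *srcKey;
		HFSExtentDescriptor *srcRec;
		size_t recordSize;	/* Size of the data part of the record, or node number for index nodes */

		if (srcDesc->kind == kBTIndexNode)
			recordSize = sizeof(u_int32_t);
		else
			recordSize = sizeof(HFSExtentDescriptor);

		for (i = 0; i < srcDesc->numRecords; i++) {
			/* Point to the start of the record we're currently checking. */
			srcKey = (HFSExtentKey *)((char *)src->buffer + srcOffs[i]);

			/*
			 * Point to start of next (larger offset) record.  We'll use this
			 * to be sure the current record doesn't overflow into the next
			 * record.
			 */
			nextRecord = (char *)src->buffer + srcOffs[i-1];

			/*
			 * Make sure the key and data are within the buffer.  Since both key
			 * and data are fixed size, this is relatively easy.  Note that this
			 * relies on the keyLength being a constant; we verify the keyLength
			 * below.
			 */
			if ((char *)srcKey + sizeof(HFSExtentKey) + recordSize > nextRecord) {
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				} else {
					printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				}
				return fsBTInvalidNodeErr;
			}

			/* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
			if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
				} else {
					printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
				}
				return fsBTInvalidNodeErr;
			}

			/* Don't swap srcKey->forkType; it's only one byte */

			srcKey->fileID = SWAP_BE32 (srcKey->fileID);
			srcKey->startBlock = SWAP_BE16 (srcKey->startBlock);

			/* Point to record data (round up to even byte boundary) */
			srcRec = (HFSExtentDescriptor *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));

			if (srcDesc->kind == kBTIndexNode) {
				/* For index nodes, the record data is just a child node number. */
				*((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
			} else {
				/* Swap the extent data */
				for (j = 0; j < kHFSExtentDensity; j++) {
					srcRec[j].startBlock = SWAP_BE16 (srcRec[j].startBlock);
					srcRec[j].blockCount = SWAP_BE16 (srcRec[j].blockCount);
				}
			}
		}

	} else if (fileID == kHFSCatalogFileID) {
		HFSCatalogKey *srcKey;
		int16_t *srcPtr;
		unsigned expectedKeyLength;

		for (i = 0; i < srcDesc->numRecords; i++) {
			/* Point to the start of the record we're currently checking. */
			srcKey = (HFSCatalogKey *)((char *)src->buffer + srcOffs[i]);

			/*
			 * Point to start of next (larger offset) record.  We'll use this
			 * to be sure the current record doesn't overflow into the next
			 * record.
			 */
			nextRecord = (char *)src->buffer + srcOffs[i-1];

			/*
			 * Make sure we can safely dereference the keyLength and parentID fields.
			 * The value 8 below is 1 byte for keyLength + 1 byte reserved + 4 bytes
			 * for parentID + 1 byte for nodeName's length + 1 byte to round up the
			 * record start to an even offset, which forms a minimal key.
			 */
			if ((char *)srcKey + 8 > nextRecord) {
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				} else {
					printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				}
				return fsBTInvalidNodeErr;
			}

			/* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
			if (srcKey->keyLength < kHFSCatalogKeyMinimumLength || srcKey->keyLength > kHFSCatalogKeyMaximumLength) {
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
				} else {
					printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
				}
				return fsBTInvalidNodeErr;
			}

			/* Don't swap srcKey->reserved */

			srcKey->parentID = SWAP_BE32 (srcKey->parentID);

			/* Don't swap srcKey->nodeName */

			/* Make sure the keyLength is big enough for the key's content */
			if (srcDesc->kind == kBTIndexNode)
				expectedKeyLength = sizeof(*srcKey) - sizeof(srcKey->keyLength);
			else
				expectedKeyLength = srcKey->nodeName[0] + kHFSCatalogKeyMinimumLength;
			if (srcKey->keyLength < expectedKeyLength) {
				/* Report the same record number (numRecords-i-1) as every other message here. */
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
						srcDesc->numRecords-i-1, srcKey->keyLength, expectedKeyLength);
				} else {
					printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
						srcDesc->numRecords-i-1, srcKey->keyLength, expectedKeyLength);
				}
				return fsBTInvalidNodeErr;
			}

			/* Point to record data (round up to even byte boundary) */
			srcPtr = (int16_t *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));

			/*
			 * Make sure that we can safely dereference the record's type field or
			 * an index node's child node number.
			 */
			if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) {
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
				} else {
					printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
				}
				return fsBTInvalidNodeErr;
			}

			/*
			 * For index nodes, the record data is just the child's node number.
			 * Skip over swapping the various types of catalog record.
			 */
			if (srcDesc->kind == kBTIndexNode) {
				*((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr));
				continue;
			}

			/* Make sure the recordType is in native order before using it. */
			if (direction == kSwapBTNodeBigToHost)
				srcPtr[0] = SWAP_BE16 (srcPtr[0]);

			if (srcPtr[0] == kHFSFolderRecord) {
				HFSCatalogFolder *srcRec = (HFSCatalogFolder *)srcPtr;
				if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
					if (direction == kSwapBTNodeHostToBig) {
						panic("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
					} else {
						printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
					}
					return fsBTInvalidNodeErr;
				}

				srcRec->flags = SWAP_BE16 (srcRec->flags);
				srcRec->valence = SWAP_BE16 (srcRec->valence);

				srcRec->folderID = SWAP_BE32 (srcRec->folderID);
				srcRec->createDate = SWAP_BE32 (srcRec->createDate);
				srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
				srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);

				/* Don't swap srcRec->userInfo */
				/* Don't swap srcRec->finderInfo */
				/* Don't swap reserved array */

			} else if (srcPtr[0] == kHFSFileRecord) {
				HFSCatalogFile *srcRec = (HFSCatalogFile *)srcPtr;
				if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
					if (direction == kSwapBTNodeHostToBig) {
						panic("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
					} else {
						printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
					}
					return fsBTInvalidNodeErr;
				}

				/* Don't swap srcRec->flags or srcRec->fileType (single-byte fields) */

				/* Don't swap srcRec->userInfo */

				srcRec->fileID = SWAP_BE32 (srcRec->fileID);

				srcRec->dataStartBlock = SWAP_BE16 (srcRec->dataStartBlock);
				srcRec->dataLogicalSize = SWAP_BE32 (srcRec->dataLogicalSize);
				srcRec->dataPhysicalSize = SWAP_BE32 (srcRec->dataPhysicalSize);

				srcRec->rsrcStartBlock = SWAP_BE16 (srcRec->rsrcStartBlock);
				srcRec->rsrcLogicalSize = SWAP_BE32 (srcRec->rsrcLogicalSize);
				srcRec->rsrcPhysicalSize = SWAP_BE32 (srcRec->rsrcPhysicalSize);

				srcRec->createDate = SWAP_BE32 (srcRec->createDate);
				srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
				srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);

				/* Don't swap srcRec->finderInfo */

				srcRec->clumpSize = SWAP_BE16 (srcRec->clumpSize);

				/*
				 * Swap both extent records (data fork, then resource fork).
				 * Each array is indexed within its own bounds rather than
				 * running one index past the end of dataExtents into the
				 * field that follows it.
				 */
				for (j = 0; j < kHFSExtentDensity; j++) {
					srcRec->dataExtents[j].startBlock = SWAP_BE16 (srcRec->dataExtents[j].startBlock);
					srcRec->dataExtents[j].blockCount = SWAP_BE16 (srcRec->dataExtents[j].blockCount);
				}
				for (j = 0; j < kHFSExtentDensity; j++) {
					srcRec->rsrcExtents[j].startBlock = SWAP_BE16 (srcRec->rsrcExtents[j].startBlock);
					srcRec->rsrcExtents[j].blockCount = SWAP_BE16 (srcRec->rsrcExtents[j].blockCount);
				}

				/* Don't swap srcRec->reserved */

			} else if ((srcPtr[0] == kHFSFolderThreadRecord) ||
				   (srcPtr[0] == kHFSFileThreadRecord)) {
				HFSCatalogThread *srcRec = (HFSCatalogThread *)srcPtr;

				/* Make sure there is room for parentID and name length */
				if ((char *) &srcRec->nodeName[1] > nextRecord) {
					if (direction == kSwapBTNodeHostToBig) {
						panic("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
					} else {
						printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
					}
					return fsBTInvalidNodeErr;
				}

				/* Don't swap srcRec->reserved array */

				srcRec->parentID = SWAP_BE32 (srcRec->parentID);

				/* Don't swap srcRec->nodeName */

				/*
				 * Make sure there is room for the name in the buffer.
				 * nodeName[0] holds the length and the characters occupy
				 * nodeName[1..length], so the name ends at
				 * &nodeName[length + 1]; comparing &nodeName[length] would
				 * let the last character overlap the next record.
				 */
				if ((char *) &srcRec->nodeName[srcRec->nodeName[0] + 1] > nextRecord) {
					if (direction == kSwapBTNodeHostToBig) {
						panic("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
					} else {
						printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
					}
					return fsBTInvalidNodeErr;
				}
			} else {
				if (direction == kSwapBTNodeHostToBig) {
					panic("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
				} else {
					printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
				}
				return fsBTInvalidNodeErr;
			}

			/* We can swap the record type now that we're done using it */
			if (direction == kSwapBTNodeHostToBig)
				srcPtr[0] = SWAP_BE16 (srcPtr[0]);
		}

	} else {
		panic ("hfs_swap_HFSBTInternalNode: fileID %u is not a system B-tree\n", fileID);
	}

	return (0);
}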
1224 #endif
1225