1 //
2 // lf_hfs_endian.c
3 // livefiles_hfs
4 //
5 // Created by Yakov Ben Zaken on 22/03/2018.
6 //
7
8 #include <stdio.h>
9
10
11 #include "lf_hfs_endian.h"
12 #include "lf_hfs_btrees_private.h"
13 #include "lf_hfs_vfsops.h"
14 #include "lf_hfs_utils.h"
15 #include "lf_hfs_generic_buf.h"
16
/*
 * Set to 1 to compile in the printf tracing in hfs_swap_BTNode, which dumps
 * the first four 32-bit words of the node before and after the swap.
 */
#define DEBUG_BTNODE_SWAP 0

/*
 * Internal swapping routines
 *
 * These routines handle swapping the records of leaf and index nodes. The
 * layout of the keys and records varies depending on the kind of B-tree
 * (determined by fileID).
 *
 * The direction parameter must be kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
 * The kSwapBTNodeHeaderRecordOnly "direction" is not valid for these routines.
 */

/*
 * Swaps the keys and records of one HFS Plus leaf or index node in place.
 * Returns 0, or fsBTInvalidNodeErr when a key or record fails its checks.
 */
int hfs_swap_HFSPlusBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);

/* Swaps the fields of one HFSPlusForkData in place; takes no direction. */
void hfs_swap_HFSPlusForkData (HFSPlusForkData *src);
31
/*
 * hfs_swap_HFSPlusForkData
 *
 * Byte-swaps, in place, the logical size, clump size, total block count and
 * every extent (start block and block count) of the fork data at src.
 *
 * The routine takes no direction argument: each field is passed through the
 * matching SWAP_BE* macro exactly once, and the callers in this file use it
 * for both swap directions. It performs no bounds checking of its own, so the
 * caller must already have verified that the whole structure lies inside the
 * node buffer.
 */
void
hfs_swap_HFSPlusForkData (
    HFSPlusForkData *src
)
{
    int extentIndex = 0;

    /* Scalar fields first: one 64-bit size, then the two 32-bit counters. */
    src->logicalSize = SWAP_BE64 (src->logicalSize);
    src->clumpSize = SWAP_BE32 (src->clumpSize);
    src->totalBlocks = SWAP_BE32 (src->totalBlocks);

    /* Then each of the kHFSPlusExtentDensity inline extent descriptors. */
    while (extentIndex < kHFSPlusExtentDensity) {
        src->extents[extentIndex].startBlock = SWAP_BE32 (src->extents[extentIndex].startBlock);
        src->extents[extentIndex].blockCount = SWAP_BE32 (src->extents[extentIndex].blockCount);
        extentIndex++;
    }
}
52
/*
 * hfs_swap_BTNode
 *
 * Byte-swaps one B-tree node in place between big-endian (on-disk) order and
 * host order, sanity checking the node descriptor and the record offset table
 * as it goes.
 *
 * Parameters:
 *   src              - block descriptor for the node: src->buffer is the node
 *                      data, src->blockSize its size, src->blockNum its node
 *                      number and src->blockHeader the GenericLFBuf that is
 *                      locked while the swap runs.
 *   vp               - vnode of the B-tree file; used to reach the B-tree
 *                      control block, the file ID and the volume.
 *   direction        - kSwapBTNodeBigToHost, kSwapBTNodeHostToBig or
 *                      kSwapBTNodeHeaderRecordOnly; any other value panics.
 *   allow_empty_node - when false, a record offset of zero is rejected.
 *
 * Returns 0 on success. On failure returns fsBTInvalidHeaderErr, or the error
 * from hfs_swap_HFSPlusBTInternalNode, after logging the node and marking the
 * volume inconsistent.
 *
 * NOTE: This operation is not naturally symmetric.
 * We have to determine which way we're swapping things.
 * For kSwapBTNodeBigToHost the descriptor and offsets are swapped first and
 * then checked; for kSwapBTNodeHostToBig they are checked first and swapped
 * last, so that every check is made on host-order values.
 *
 * In the kSwapBTNodeBigToHost direction the node content comes from disk and
 * has to be treated as untrusted; the checks below are what keep the record
 * swapping inside the node buffer.
 *
 * A failure return does not undo the fields that were already swapped before
 * the failing check, so the buffer can be left partially swapped.
 */
int
hfs_swap_BTNode (
    BlockDescriptor *src,
    vnode_t vp,
    enum HFSBTSwapDirection direction,
    u_int8_t allow_empty_node
)
{

    GenericLFBuf *psBuf = src->blockHeader;
    /* Held until the fail: label, which every path (success included) reaches. */
    lf_hfs_generic_buf_lock(psBuf);

    /*
     * Update the buffer's GEN_BUF_LITTLE_ENDIAN cache flag to match the
     * direction (presumably it tracks whether the content is in host order).
     * NOTE(review): the flag is changed before any validation and is not
     * restored on the failure path; confirm callers discard the buffer on
     * error.
     */
    switch(direction) {
        case kSwapBTNodeBigToHost:
            lf_hfs_generic_buf_set_cache_flag(psBuf, GEN_BUF_LITTLE_ENDIAN);
            break;
        case kSwapBTNodeHostToBig:
            lf_hfs_generic_buf_clear_cache_flag(psBuf, GEN_BUF_LITTLE_ENDIAN);
            break;
        case kSwapBTNodeHeaderRecordOnly:
            break;
        default:
            panic("invalid direction");
    }


    BTNodeDescriptor *srcDesc = src->buffer;
    u_int16_t *srcOffs = NULL;
    /* B-tree control block; its totalNodes bounds the fLink/bLink checks. */
    BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr;
    u_int16_t i; /* index to match srcDesc->numRecords */
    int error = 0;

#if DEBUG_BTNODE_SWAP
    printf("hfs_swap_BTNode: direction %u (%s), psVnode %p, blockNum %llu uPhyCluster %llu\n", direction, (direction==0)?"RD":(direction==1)?"WR":"NA", vp, src->blockNum, psBuf->uPhyCluster);
    uint32_t *pData = src->buffer;
    printf("hfs_swap_BTNode: %p before: 0x%x, 0x%x, 0x%x, 0x%x\n", pData, pData[0], pData[1], pData[2], pData[3]);
#endif

#ifdef ENDIAN_DEBUG
    if (direction == kSwapBTNodeBigToHost) {
        LFHFS_LOG(LEVEL_DEBUG, "hfs: BE -> Native Swap\n");
    } else if (direction == kSwapBTNodeHostToBig) {
        LFHFS_LOG(LEVEL_DEBUG, "hfs: Native -> BE Swap\n");
    } else if (direction == kSwapBTNodeHeaderRecordOnly) {
        LFHFS_LOG(LEVEL_DEBUG, "hfs: Not swapping descriptors\n");
    } else {
        LFHFS_LOG(LEVEL_ERROR, "hfs_swap_BTNode: This is impossible");
        hfs_assert(0);
    }
#endif

    /*
     * If we are doing a swap from on-disk to in-memory, then swap the node
     * descriptor and record offsets before we need to use them.
     */
    if (direction == kSwapBTNodeBigToHost) {
        srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
        srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);

        /*
         * When first opening a BTree, we have to read the header node before the
         * control block is initialized. In this case, totalNodes will be zero,
         * so skip the bounds checking. Also, we should ignore the header node when
         * checking for invalid forwards and backwards links, since the header node's
         * links can point back to itself legitimately.
         */
        if (btcb->totalNodes != 0) {
            if (srcDesc->fLink >= btcb->totalNodes) {
                LFHFS_LOG( LEVEL_ERROR, "hfs_swap_BTNode: invalid forward link (0x%08x >= 0x%08x)\n", srcDesc->fLink, btcb->totalNodes);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }
            if (srcDesc->bLink >= btcb->totalNodes) {
                LFHFS_LOG( LEVEL_ERROR, "hfs_swap_BTNode: invalid backward link (0x%08x >= 0x%08x)\n", srcDesc->bLink, btcb->totalNodes);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            /* A node other than node 0 must not link to itself. */
            if ((src->blockNum != 0) && (srcDesc->fLink == (u_int32_t) src->blockNum)) {
                LFHFS_LOG( LEVEL_ERROR, "hfs_swap_BTNode: invalid forward link (0x%08x == 0x%08x)\n", srcDesc->fLink, (u_int32_t) src->blockNum);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }
            if ((src->blockNum != 0) && (srcDesc->bLink == (u_int32_t) src->blockNum)) {
                LFHFS_LOG( LEVEL_ERROR, "hfs_swap_BTNode: invalid backward link (0x%08x == 0x%08x)\n", srcDesc->bLink, (u_int32_t) src->blockNum);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }


        }

        /*
         * Check srcDesc->kind. Don't swap it because it's only one byte.
         */
        if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
            LFHFS_LOG(LEVEL_ERROR , "hfs_swap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Check srcDesc->height. Don't swap it because it's only one byte.
         */
        if (srcDesc->height > kMaxTreeDepth) {
            LFHFS_LOG(LEVEL_ERROR , "hfs_swap_BTNode: invalid node height (%d)\n", srcDesc->height);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /* Don't swap srcDesc->reserved */

        srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);

        /*
         * Swap the node offsets (including the free space one!).
         *
         * The table of numRecords + 1 16-bit offsets sits at the very end of
         * the node. numRecords has only just been read from disk and is not
         * yet validated when this pointer is formed.
         * NOTE(review): if the table size exceeds blockSize the subtraction
         * wraps, and the check below then relies on comparing a pointer that
         * was computed outside the buffer. Validating the count against
         * blockSize with integer arithmetic first would avoid depending on
         * that; confirm against the declared type of src->blockSize.
         */
        srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t))));

        /*
         * Sanity check that the record offsets are within the node itself.
         */
        if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
            (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
            LFHFS_LOG(LEVEL_ERROR , "hfs_swap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Swap and sanity check each of the record offsets.
         */
        for (i = 0; i <= srcDesc->numRecords; i++) {
            srcOffs[i] = SWAP_BE16 (srcOffs[i]);

            /*
             * Sanity check: must be even, and within the node itself.
             *
             * We may be called to swap an unused node, which contains all zeroes.
             * Unused nodes are expected only when allow_empty_node is true.
             * If it is false and record offset is zero, return error.
             *
             * The upper bound is the start of the offset table itself, so an
             * accepted offset can never point into the table.
             */
            if ((srcOffs[i] & 1) || (
                (allow_empty_node == false) && (srcOffs[i] == 0)) ||
                (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) ||
                (srcOffs[i] > (src->blockSize - 2 * (srcDesc->numRecords + 1)))) {
                LFHFS_LOG(LEVEL_ERROR , "hfs_swap_BTNode: offset #%d invalid (0x%04X) (blockSize 0x%x numRecords %d)\n",
                          i, srcOffs[i], (int32_t)src->blockSize, srcDesc->numRecords);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            /*
             * Make sure the offsets are strictly increasing. Note that we're looping over
             * them backwards, hence the order in the comparison.
             * srcOffs[i-1] was already swapped by the previous iteration.
             */
            if ((i != 0) && (srcOffs[i] >= srcOffs[i-1])) {
                LFHFS_LOG(LEVEL_ERROR , "hfs_swap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
                          i, i-1, srcOffs[i], srcOffs[i-1]);

                error = fsBTInvalidHeaderErr;
                goto fail;
            }
        }
    }

    /*
     * Swap the records (ordered by frequency of access)
     *
     * NOTE(review): for kSwapBTNodeHeaderRecordOnly neither validation block
     * in this function runs, so srcDesc->kind is used here unchecked, and a
     * leaf or index node would be handed to hfs_swap_HFSPlusBTInternalNode
     * with a direction that routine's header comment calls invalid.
     * Presumably callers pass only header nodes with that direction; verify.
     */
    if ((srcDesc->kind == kBTIndexNode) ||
        (srcDesc->kind == kBTLeafNode)) {

        /*
         * Only an HFS Plus volume signature gets its records swapped; for any
         * other signature the records are left as they are and error stays 0.
         */
        if (VTOVCB(vp)->vcbSigWord == kHFSPlusSigWord) {
            error = hfs_swap_HFSPlusBTInternalNode (src, VTOC(vp)->c_fileid, direction);
        }

        if (error) goto fail;

    } else if (srcDesc-> kind == kBTMapNode) {
        /* Don't swap the bitmaps, they'll be done in the bitmap routines */

    } else if (srcDesc-> kind == kBTHeaderNode) {
        /*
         * The header's offset is hard-wired because we cannot trust the offset pointers.
         * NOTE(review): nothing in this function checks that blockSize is
         * large enough to hold a BTNodeDescriptor followed by a BTHeaderRec;
         * presumably the caller guarantees a minimum node size. Confirm.
         */
        BTHeaderRec *srcHead = (BTHeaderRec *)((char *)src->buffer + sizeof(BTNodeDescriptor));

        srcHead->treeDepth = SWAP_BE16 (srcHead->treeDepth);

        srcHead->rootNode = SWAP_BE32 (srcHead->rootNode);
        srcHead->leafRecords = SWAP_BE32 (srcHead->leafRecords);
        srcHead->firstLeafNode = SWAP_BE32 (srcHead->firstLeafNode);
        srcHead->lastLeafNode = SWAP_BE32 (srcHead->lastLeafNode);

        srcHead->nodeSize = SWAP_BE16 (srcHead->nodeSize);
        srcHead->maxKeyLength = SWAP_BE16 (srcHead->maxKeyLength);

        srcHead->totalNodes = SWAP_BE32 (srcHead->totalNodes);
        srcHead->freeNodes = SWAP_BE32 (srcHead->freeNodes);

        srcHead->clumpSize = SWAP_BE32 (srcHead->clumpSize);
        srcHead->attributes = SWAP_BE32 (srcHead->attributes);

        /* Don't swap srcHead->reserved1 */
        /* Don't swap srcHead->btreeType; it's only one byte */
        /* Don't swap srcHead->reserved2 */
        /* Don't swap srcHead->reserved3 */
        /* Don't swap bitmap */
    }

    /*
     * If we are doing a swap from in-memory to on-disk, then swap the node
     * descriptor and record offsets after we're done using them.
     */
    if (direction == kSwapBTNodeHostToBig) {
        /*
         * Sanity check and swap the forward and backward links.
         * Ignore the header node since its forward and backwards links can legitimately
         * point to itself.
         *
         * Unlike the BigToHost path, these bounds checks are not guarded by
         * btcb->totalNodes != 0.
         */
        if (srcDesc->fLink >= btcb->totalNodes) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }
        if ((src->blockNum != 0) && (srcDesc->fLink == (u_int32_t) src->blockNum)) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid forward link (0x%08x == 0x%08x)\n",
                      srcDesc->fLink, (u_int32_t) src->blockNum);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        if (srcDesc->bLink >= btcb->totalNodes) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }
        if ((src->blockNum != 0) && (srcDesc->bLink == (u_int32_t) src->blockNum)) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid backward link (0x%08x == 0x%08x)\n",
                      srcDesc->bLink, (u_int32_t) src->blockNum);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }


        srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
        srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);

        /*
         * Check srcDesc->kind. Don't swap it because it's only one byte.
         */
        if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Check srcDesc->height. Don't swap it because it's only one byte.
         */
        if (srcDesc->height > kMaxTreeDepth) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /* Don't swap srcDesc->reserved */

        /*
         * Swap the node offsets (including the free space one!).
         * numRecords is still in host order here; it is swapped last.
         */
        srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t))));

        /*
         * Sanity check that the record offsets are within the node itself.
         */
        if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
            (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
            LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
            error = fsBTInvalidHeaderErr;
            goto fail;
        }

        /*
         * Swap and sanity check each of the record offsets.
         */
        for (i = 0; i <= srcDesc->numRecords; i++) {
            /*
             * Sanity check: must be even, and within the node itself.
             *
             * We may be called to swap an unused node, which contains all zeroes.
             * This can happen when the last record from a node gets deleted.
             * This is why we allow the record offset to be zero.
             * Unused nodes are expected only when allow_empty_node is true
             * (the caller should set it to true for kSwapBTNodeBigToHost).
             */
            if ((srcOffs[i] & 1) ||
                ((allow_empty_node == false) && (srcOffs[i] == 0)) ||
                (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) ||
                (srcOffs[i] > (src->blockSize - 2 * (srcDesc->numRecords + 1)))) {
                LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: offset #%d invalid (0x%04X) (blockSize 0x%lx numRecords %d)\n",
                          i, srcOffs[i], src->blockSize, srcDesc->numRecords);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            /*
             * Make sure the offsets are strictly increasing. Note that we're looping over
             * them backwards, hence the order in the comparison.
             * Both srcOffs[i] and srcOffs[i+1] are still in host order here:
             * entry i is swapped only after this comparison.
             */
            if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) {
                LFHFS_LOG(LEVEL_ERROR, "hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
                          i+1, i, srcOffs[i+1], srcOffs[i]);
                error = fsBTInvalidHeaderErr;
                goto fail;
            }

            srcOffs[i] = SWAP_BE16 (srcOffs[i]);
        }

        srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
    }

fail:
    /* Reached on success as well; error is still 0 in that case. */
    lf_hfs_generic_buf_unlock(psBuf);
    if (error) {
        /*
         * Log some useful information about where the corrupt node is.
         */
        LFHFS_LOG( LEVEL_ERROR, "lf_hfs: node=%lld fileID=%u volume=%s\n", src->blockNum, VTOC(vp)->c_fileid, VTOVCB(vp)->vcbVN);
        hfs_mark_inconsistent(VTOVCB(vp), HFS_INCONSISTENCY_DETECTED);
    }
#if DEBUG_BTNODE_SWAP
    printf("hfs_swap_BTNode: after: 0x%x, 0x%x, 0x%x, 0x%x\n", pData[0], pData[1], pData[2], pData[3]);
#endif

    return (error);
}
395
/*
 * hfs_swap_HFSPlusBTInternalNode
 *
 * Byte-swaps, in place, the keys and records of one HFS Plus leaf or index
 * node. fileID selects the record layout: the extents overflow, catalog or
 * attributes B-tree. Any other fileID is logged and asserted on, and the
 * function then returns 0.
 *
 * srcDesc->numRecords and the record offset table at the end of the node are
 * read as host-order values; hfs_swap_BTNode calls this after swapping them
 * (BigToHost) or before swapping them (HostToBig).
 *
 * Every key and record is bounds checked against the start of the following
 * record before its fields are touched. Length fields are always read in host
 * order: swapped before use for kSwapBTNodeBigToHost, and swapped only after
 * their last use for kSwapBTNodeHostToBig.
 *
 * Returns 0 on success, or fsBTInvalidNodeErr when a check fails. For
 * kSwapBTNodeHostToBig a failed check is logged at LEVEL_ERROR and hits
 * hfs_assert(0) before returning; for the other direction it is logged at
 * LEVEL_DEBUG only. Records processed before the failing one stay swapped.
 */
int
hfs_swap_HFSPlusBTInternalNode (
    BlockDescriptor *src,
    HFSCatalogNodeID fileID,
    enum HFSBTSwapDirection direction
)
{
    BTNodeDescriptor *srcDesc = src->buffer;
    /*
     * Points at the last numRecords entries of the offset table. srcOffs[i]
     * belongs to record number numRecords-i-1 (see the log messages below),
     * and srcOffs[-1] is the free space offset just before them.
     */
    u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t))));
    char *nextRecord; /* Points to start of record following current one */

    /*
     * i is an int32 because it needs to be negative to index the offset to free space.
     * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit so this should be ok.
     */

    int32_t i;
    u_int32_t j;

    if (fileID == kHFSExtentsFileID) {
        HFSPlusExtentKey *srcKey;
        HFSPlusExtentDescriptor *srcRec;
        size_t recordSize; /* Size of the data part of the record, or node number for index nodes */

        if (srcDesc->kind == kBTIndexNode)
            recordSize = sizeof(u_int32_t);
        else
            recordSize = sizeof(HFSPlusExtentDescriptor);

        for (i = 0; i < srcDesc->numRecords; i++) {
            /* Point to the start of the record we're currently checking. */
            srcKey = (HFSPlusExtentKey *)((char *)src->buffer + srcOffs[i]);

            /*
             * Point to start of next (larger offset) record. We'll use this
             * to be sure the current record doesn't overflow into the next
             * record.
             */
            nextRecord = (char *)src->buffer + srcOffs[i-1];

            /*
             * Make sure the key and data are within the buffer. Since both key
             * and data are fixed size, this is relatively easy. Note that this
             * relies on the keyLength being a constant; we verify the keyLength
             * below.
             */
            if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {

                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            if (direction == kSwapBTNodeBigToHost)
                srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
            /* The extents key has exactly one legal length. */
            if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {

                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }
            /* Record data starts right after the key; keyLength is host order here. */
            srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
            if (direction == kSwapBTNodeHostToBig)
                srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);

            /* Don't swap srcKey->forkType; it's only one byte */
            /* Don't swap srcKey->pad */

            srcKey->fileID = SWAP_BE32 (srcKey->fileID);
            srcKey->startBlock = SWAP_BE32 (srcKey->startBlock);

            if (srcDesc->kind == kBTIndexNode) {
                /* For index nodes, the record data is just a child node number. */
                *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
            } else {
                /* Swap the extent data */
                for (j = 0; j < kHFSPlusExtentDensity; j++) {
                    srcRec[j].startBlock = SWAP_BE32 (srcRec[j].startBlock);
                    srcRec[j].blockCount = SWAP_BE32 (srcRec[j].blockCount);
                }
            }
        }

    } else if (fileID == kHFSCatalogFileID) {
        HFSPlusCatalogKey *srcKey;
        int16_t *srcPtr;
        u_int16_t keyLength;

        for (i = 0; i < srcDesc->numRecords; i++) {
            /* Point to the start of the record we're currently checking. */
            srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);

            /*
             * Point to start of next (larger offset) record. We'll use this
             * to be sure the current record doesn't overflow into the next
             * record.
             */
            nextRecord = (char *)src->buffer + (uintptr_t)(srcOffs[i-1]);

            /*
             * Make sure we can safely dereference the keyLength and parentID fields.
             */
            if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) {
                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            /*
             * Swap and sanity check the key length
             */
            if (direction == kSwapBTNodeBigToHost)
                srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
            keyLength = srcKey->keyLength; /* Put it in a local (native order) because we use it several times */
            if (direction == kSwapBTNodeHostToBig)
                srcKey->keyLength = SWAP_BE16 (keyLength);

            /* Sanity check the key length */
            if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) {

                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            /*
             * Make sure that we can safely dereference the record's type field or
             * an index node's child node number.
             */
            srcPtr = (int16_t *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
            if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) {

                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            srcKey->parentID = SWAP_BE32 (srcKey->parentID);

            /*
             * Swap and sanity check the key's node name
             */
            if (direction == kSwapBTNodeBigToHost)
                srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
            /*
             * Make sure name length is consistent with key length.
             * This bounds the name swap loop below to the validated key.
             */
            if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
                srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) {
                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n",
                          srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
                          srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }
            for (j = 0; j < srcKey->nodeName.length; j++) {
                srcKey->nodeName.unicode[j] = SWAP_BE16 (srcKey->nodeName.unicode[j]);
            }
            if (direction == kSwapBTNodeHostToBig)
                srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);

            /*
             * For index nodes, the record data is just the child's node number.
             * Skip over swapping the various types of catalog record.
             */
            if (srcDesc->kind == kBTIndexNode) {
                *((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr));
                continue;
            }

            /* Make sure the recordType is in native order before using it. */
            if (direction == kSwapBTNodeBigToHost)
                srcPtr[0] = SWAP_BE16 (srcPtr[0]);

            if (srcPtr[0] == kHFSPlusFolderRecord) {
                HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr;
                /* The whole fixed-size folder record must end before the next record. */
                if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {

                    LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
                    if (direction == kSwapBTNodeHostToBig) {
                        hfs_assert(0);
                    }
                    return fsBTInvalidNodeErr;
                }

                srcRec->flags = SWAP_BE16 (srcRec->flags);
                srcRec->valence = SWAP_BE32 (srcRec->valence);
                srcRec->folderID = SWAP_BE32 (srcRec->folderID);
                srcRec->createDate = SWAP_BE32 (srcRec->createDate);
                srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
                srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
                srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
                srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);

                srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
                srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);

                /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
                /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */

                srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
                srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);

                srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);

                /* Don't swap srcRec->userInfo */
                /* Don't swap srcRec->finderInfo */
                srcRec->folderCount = SWAP_BE32 (srcRec->folderCount);

            } else if (srcPtr[0] == kHFSPlusFileRecord) {
                HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr;
                /* The whole fixed-size file record must end before the next record. */
                if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {

                    LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
                    if (direction == kSwapBTNodeHostToBig) {
                        hfs_assert(0);
                    }
                    return fsBTInvalidNodeErr;
                }

                srcRec->flags = SWAP_BE16 (srcRec->flags);

                srcRec->fileID = SWAP_BE32 (srcRec->fileID);

                srcRec->createDate = SWAP_BE32 (srcRec->createDate);
                srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
                srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
                srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
                srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);

                srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
                srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);

                /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
                /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */

                srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
                srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);

                srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);

                /* If kHFSHasLinkChainBit is set, reserved1 is hl_FirstLinkID.
                 * In all other context, it is expected to be zero.
                 */
                srcRec->reserved1 = SWAP_BE32 (srcRec->reserved1);

                /* Don't swap srcRec->userInfo */
                /* Don't swap srcRec->finderInfo */
                /* Don't swap srcRec->reserved2 */

                hfs_swap_HFSPlusForkData (&srcRec->dataFork);
                hfs_swap_HFSPlusForkData (&srcRec->resourceFork);

            } else if ((srcPtr[0] == kHFSPlusFolderThreadRecord) ||
                       (srcPtr[0] == kHFSPlusFileThreadRecord)) {

                /*
                 * Make sure there is room for parentID and name length.
                 */
                HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr;
                if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) {
                    LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
                    if (direction == kSwapBTNodeHostToBig) {
                        hfs_assert(0);
                    }
                    return fsBTInvalidNodeErr;
                }

                /* Don't swap srcRec->reserved */

                srcRec->parentID = SWAP_BE32 (srcRec->parentID);

                if (direction == kSwapBTNodeBigToHost)
                    srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);

                /*
                 * Make sure there is room for the name in the buffer.
                 * Then swap the characters of the name itself.
                 */
                if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) {
                    LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
                    if (direction == kSwapBTNodeHostToBig) {
                        hfs_assert(0);
                    }
                    return fsBTInvalidNodeErr;
                }
                for (j = 0; j < srcRec->nodeName.length; j++) {
                    srcRec->nodeName.unicode[j] = SWAP_BE16 (srcRec->nodeName.unicode[j]);
                }

                if (direction == kSwapBTNodeHostToBig)
                    srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);

            } else {
                /* Unknown catalog record types are rejected rather than skipped. */
                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            /* We can swap the record type now that we're done using it. */
            if (direction == kSwapBTNodeHostToBig)
                srcPtr[0] = SWAP_BE16 (srcPtr[0]);
        }

    } else if (fileID == kHFSAttributesFileID) {
        HFSPlusAttrKey *srcKey;
        HFSPlusAttrRecord *srcRec;
        u_int16_t keyLength;
        u_int32_t attrSize = 0;

        for (i = 0; i < srcDesc->numRecords; i++) {
            /* Point to the start of the record we're currently checking. */
            srcKey = (HFSPlusAttrKey *)((char *)src->buffer + srcOffs[i]);

            /*
             * Point to start of next (larger offset) record. We'll use this
             * to be sure the current record doesn't overflow into the next
             * record.
             */
            nextRecord = (char *)src->buffer + srcOffs[i-1];

            /* Make sure there is room in the buffer for a minimal key */
            if ((char *) &srcKey->attrName[1] > nextRecord) {
                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            /* Swap the key length field */
            if (direction == kSwapBTNodeBigToHost)
                srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
            keyLength = srcKey->keyLength; /* Keep a copy in native order */
            if (direction == kSwapBTNodeHostToBig)
                srcKey->keyLength = SWAP_BE16(srcKey->keyLength);

            /*
             * Make sure that we can safely dereference the record's type field or
             * an index node's child node number.
             *
             * keyLength gets no separate range check in this branch; this
             * comparison against nextRecord is its upper bound.
             */
            srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
            if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) {
                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }

            srcKey->fileID = SWAP_BE32(srcKey->fileID);
            srcKey->startBlock = SWAP_BE32(srcKey->startBlock);

            /*
             * Swap and check the attribute name
             */
            if (direction == kSwapBTNodeBigToHost)
                srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
            /* Sanity check the attribute name length */
            if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) {

                LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
                if (direction == kSwapBTNodeHostToBig) {
                    hfs_assert(0);
                }
                return fsBTInvalidNodeErr;
            }
            for (j = 0; j < srcKey->attrNameLen; j++)
                srcKey->attrName[j] = SWAP_BE16(srcKey->attrName[j]);
            if (direction == kSwapBTNodeHostToBig)
                srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);

            /*
             * For index nodes, the record data is just the child's node number.
             * Skip over swapping the various types of attribute record.
             */
            if (srcDesc->kind == kBTIndexNode) {
                *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
                continue;
            }

            /* Swap the record data */
            if (direction == kSwapBTNodeBigToHost)
                srcRec->recordType = SWAP_BE32(srcRec->recordType);
            /*
             * NOTE(review): this switch has no default case, so a recordType
             * other than the three handled below is neither swapped nor
             * reported as an error, unlike the catalog branch which rejects
             * unrecognized record types. Confirm this is intended.
             */
            switch (srcRec->recordType) {
                case kHFSPlusAttrInlineData:
                    /* Is there room for the inline data header? */
                    if ((char *) &srcRec->attrData.attrData[0] > nextRecord) {

                        LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
                        if (direction == kSwapBTNodeHostToBig) {
                            hfs_assert(0);
                        }
                        return fsBTInvalidNodeErr;
                    }

                    /* We're not swapping the reserved fields */

                    /* Swap the attribute size; attrSize keeps the host-order copy */
                    if (direction == kSwapBTNodeHostToBig)
                        attrSize = srcRec->attrData.attrSize;
                    srcRec->attrData.attrSize = SWAP_BE32(srcRec->attrData.attrSize);
                    if (direction == kSwapBTNodeBigToHost)
                        attrSize = srcRec->attrData.attrSize;

                    /*
                     * Is there room for the inline attribute data?
                     * NOTE(review): attrSize is a 32-bit value taken from the
                     * record and the end address is formed before it is
                     * compared; this assumes the addition cannot wrap the
                     * pointer. Confirm for any 32-bit target.
                     */
                    if ((char *) &srcRec->attrData.attrData[attrSize] > nextRecord) {
                        LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
                        if (direction == kSwapBTNodeHostToBig) {
                            hfs_assert(0);
                        }
                        return fsBTInvalidNodeErr;
                    }

                    /* Not swapping the attribute data itself */
                    break;

                case kHFSPlusAttrForkData:
                    /* Is there room for the fork data record? */
                    if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) {
                        LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
                        if (direction == kSwapBTNodeHostToBig) {
                            hfs_assert(0);
                        }
                        return fsBTInvalidNodeErr;
                    }

                    /* We're not swapping the reserved field */

                    hfs_swap_HFSPlusForkData(&srcRec->forkData.theFork);
                    break;

                case kHFSPlusAttrExtents:
                    /* Is there room for an extent record? */
                    if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) {
                        LFHFS_LOG((direction == kSwapBTNodeHostToBig) ? LEVEL_ERROR : LEVEL_DEBUG, "hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
                        if (direction == kSwapBTNodeHostToBig) {
                            hfs_assert(0);
                        }
                        return fsBTInvalidNodeErr;
                    }

                    /* We're not swapping the reserved field */

                    for (j = 0; j < kHFSPlusExtentDensity; j++) {
                        srcRec->overflowExtents.extents[j].startBlock =
                        SWAP_BE32(srcRec->overflowExtents.extents[j].startBlock);
                        srcRec->overflowExtents.extents[j].blockCount =
                        SWAP_BE32(srcRec->overflowExtents.extents[j].blockCount);
                    }
                    break;
            }
            /* The record type was needed in host order by the switch above. */
            if (direction == kSwapBTNodeHostToBig)
                srcRec->recordType = SWAP_BE32(srcRec->recordType);
        }
    }
    else {
        /* Not one of the three system B-trees: nothing is swapped. */
        LFHFS_LOG(LEVEL_ERROR, "hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID);
        hfs_assert(0);
    }


    return (0);
}
872