]> git.saurik.com Git - apple/xnu.git/blame - bsd/hfs/hfs_endian.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-3247.1.106.tar.gz
[apple/xnu.git] / bsd / hfs / hfs_endian.c
CommitLineData
1c79356b 1/*
fe8ab488 2 * Copyright (c) 2000-2014 Apple Inc. All rights reserved.
5d5c5d0d 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A		 27 */
28
29/*
30 * hfs_endian.c
31 *
32 * This file implements endian swapping routines for the HFS/HFS Plus
33 * volume format.
34 */
35
1c79356b
A		 36#include "hfs_endian.h"
37#include "hfs_dbg.h"
3a60a9f5 38#include "hfscommon/headers/BTreesPrivate.h"
1c79356b
A		 39
40#undef ENDIAN_DEBUG
41
3a60a9f5
A		 42/*
43 * Internal swapping routines
44 *
45 * These routines handle swapping the records of leaf and index nodes. The
46 * layout of the keys and records varies depending on the kind of B-tree
47 * (determined by fileID).
48 *
49 * The direction parameter must be kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
50 * The kSwapBTNodeHeaderRecordOnly "direction" is not valid for these routines.
51 */
6d2010ae 52int hfs_swap_HFSPlusBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
6d2010ae 53void hfs_swap_HFSPlusForkData (HFSPlusForkData *src);
1c79356b 54
39236c6e
A		 55#if CONFIG_HFS_STD
56int hfs_swap_HFSBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
57#endif
58
1c79356b
A		 59/*
60 * hfs_swap_HFSPlusForkData
1c79356b 61 */
6d2010ae 62void
1c79356b
A		 63hfs_swap_HFSPlusForkData (
64 HFSPlusForkData *src
65)
66{
67 int i;
68
1c79356b
A		 69 src->logicalSize = SWAP_BE64 (src->logicalSize);
70
71 src->clumpSize = SWAP_BE32 (src->clumpSize);
72 src->totalBlocks = SWAP_BE32 (src->totalBlocks);
73
74 for (i = 0; i < kHFSPlusExtentDensity; i++) {
75 src->extents[i].startBlock = SWAP_BE32 (src->extents[i].startBlock);
76 src->extents[i].blockCount = SWAP_BE32 (src->extents[i].blockCount);
77 }
78}
79
80/*
81 * hfs_swap_BTNode
82 *
83 * NOTE: This operation is not naturally symmetric.
84 * We have to determine which way we're swapping things.
85 */
86int
87hfs_swap_BTNode (
88 BlockDescriptor *src,
3a60a9f5 89 vnode_t vp,
935ed37a
A		 90 enum HFSBTSwapDirection direction,
91 u_int8_t allow_empty_node
1c79356b
A		 92)
93{
94 BTNodeDescriptor *srcDesc = src->buffer;
2d21ac55 95 u_int16_t *srcOffs = NULL;
3a60a9f5 96 BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr;
b0d623f7 97 u_int16_t i; /* index to match srcDesc->numRecords */
1c79356b
A		 98 int error = 0;
99
1c79356b 100#ifdef ENDIAN_DEBUG
3a60a9f5 101 if (direction == kSwapBTNodeBigToHost) {
b0d623f7 102 printf ("hfs: BE -> Native Swap\n");
3a60a9f5 103 } else if (direction == kSwapBTNodeHostToBig) {
b0d623f7 104 printf ("hfs: Native -> BE Swap\n");
3a60a9f5 105 } else if (direction == kSwapBTNodeHeaderRecordOnly) {
b0d623f7 106 printf ("hfs: Not swapping descriptors\n");
1c79356b 107 } else {
3a60a9f5 108 panic ("hfs_swap_BTNode: This is impossible");
1c79356b
A		 109 }
110#endif
111
3a60a9f5
A		 112 /*
113 * If we are doing a swap from on-disk to in-memory, then swap the node
114 * descriptor and record offsets before we need to use them.
115 */
116 if (direction == kSwapBTNodeBigToHost) {
1c79356b
A		 117 srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
118 srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);
119
3a60a9f5
A		 120 /*
121 * When first opening a BTree, we have to read the header node before the
122 * control block is initialized. In this case, totalNodes will be zero,
593a1d5f
A		 123 * so skip the bounds checking. Also, we should ignore the header node when
124 * checking for invalid forwards and backwards links, since the header node's
125 * links can point back to itself legitimately.
3a60a9f5
A		 126 */
127 if (btcb->totalNodes != 0) {
128 if (srcDesc->fLink >= btcb->totalNodes) {
3e170ce0
A		 129#if DEVELOPMENT || DEBUG
130 panic("hfs_swap_BTNode: invalid forward link (0x%08x >= 0x%08x)\n", srcDesc->fLink, btcb->totalNodes);
131#else
2d21ac55 132 printf("hfs_swap_BTNode: invalid forward link (0x%08x >= 0x%08x)\n", srcDesc->fLink, btcb->totalNodes);
3e170ce0 133#endif
3a60a9f5
A		 134 error = fsBTInvalidHeaderErr;
135 goto fail;
136 }
137 if (srcDesc->bLink >= btcb->totalNodes) {
3e170ce0
A		 138#if DEVELOPMENT || DEBUG
139 panic("hfs_swap_BTNode: invalid backward link (0x%08x >= 0x%08x)\n", srcDesc->bLink, btcb->totalNodes);
140#else
2d21ac55 141 printf("hfs_swap_BTNode: invalid backward link (0x%08x >= 0x%08x)\n", srcDesc->bLink, btcb->totalNodes);
3e170ce0 142#endif
3a60a9f5
A		 143 error = fsBTInvalidHeaderErr;
144 goto fail;
145 }
593a1d5f
A		 146
147 if ((src->blockNum != 0) && (srcDesc->fLink == (u_int32_t) src->blockNum)) {
3e170ce0
A		 148#if DEVELOPMENT || DEBUG
149 panic("hfs_swap_BTNode: invalid forward link (0x%08x == 0x%08x)\n",
150 srcDesc->fLink, (u_int32_t) src->blockNum);
151#else
593a1d5f
A		 152 printf("hfs_swap_BTNode: invalid forward link (0x%08x == 0x%08x)\n",
153 srcDesc->fLink, (u_int32_t) src->blockNum);
3e170ce0 154#endif
593a1d5f
A		 155 error = fsBTInvalidHeaderErr;
156 goto fail;
157 }
158 if ((src->blockNum != 0) && (srcDesc->bLink == (u_int32_t) src->blockNum)) {
3e170ce0
A		 159#if DEVELOPMENT || DEBUG
160 panic("hfs_swap_BTNode: invalid backward link (0x%08x == 0x%08x)\n",
161 srcDesc->bLink, (u_int32_t) src->blockNum);
162#else
593a1d5f
A		 163 printf("hfs_swap_BTNode: invalid backward link (0x%08x == 0x%08x)\n",
164 srcDesc->bLink, (u_int32_t) src->blockNum);
3e170ce0 165#endif
593a1d5f
A		 166 error = fsBTInvalidHeaderErr;
167 goto fail;
168 }
169
b0d623f7 170
3a60a9f5
A		 171 }
172
173 /*
174 * Check srcDesc->kind. Don't swap it because it's only one byte.
175 */
176 if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
177 printf("hfs_swap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
178 error = fsBTInvalidHeaderErr;
179 goto fail;
180 }
181
182 /*
183 * Check srcDesc->height. Don't swap it because it's only one byte.
184 */
6d2010ae 185 if (srcDesc->height > kMaxTreeDepth) {
3a60a9f5
A		 186 printf("hfs_swap_BTNode: invalid node height (%d)\n", srcDesc->height);
187 error = fsBTInvalidHeaderErr;
188 goto fail;
189 }
190
1c79356b
A		 191 /* Don't swap srcDesc->reserved */
192
193 srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
194
3a60a9f5
A		 195 /*
196 * Swap the node offsets (including the free space one!).
197 */
2d21ac55 198 srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t))));
1c79356b 199
3a60a9f5
A		 200 /*
201 * Sanity check that the record offsets are within the node itself.
202 */
203 if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
204 (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
205 printf("hfs_swap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
206 error = fsBTInvalidHeaderErr;
207 goto fail;
1c79356b
A		 208 }
209
3a60a9f5
A		 210 /*
211 * Swap and sanity check each of the record offsets.
212 */
213 for (i = 0; i <= srcDesc->numRecords; i++) {
1c79356b
A		 214 srcOffs[i] = SWAP_BE16 (srcOffs[i]);
215
3a60a9f5
A		 216 /*
217 * Sanity check: must be even, and within the node itself.
218 *
219 * We may be called to swap an unused node, which contains all zeroes.
935ed37a
A		 220 * Unused nodes are expected only when allow_empty_node is true.
221 * If it is false and record offset is zero, return error.
3a60a9f5 222 */
935ed37a
A		 223 if ((srcOffs[i] & 1) || (
224 (allow_empty_node == false) && (srcOffs[i] == 0)) ||
225 (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) ||
226 (srcOffs[i] >= src->blockSize)) {
3a60a9f5
A		 227 printf("hfs_swap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
228 error = fsBTInvalidHeaderErr;
229 goto fail;
230 }
231
232 /*
233 * Make sure the offsets are strictly increasing. Note that we're looping over
234 * them backwards, hence the order in the comparison.
235 */
236 if ((i != 0) && (srcOffs[i] >= srcOffs[i-1])) {
237 printf("hfs_swap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
238 srcDesc->numRecords-i-1, srcDesc->numRecords-i, srcOffs[i], srcOffs[i-1]);
239 error = fsBTInvalidHeaderErr;
240 goto fail;
1c79356b
A		 241 }
242 }
243 }
244
3a60a9f5
A		 245 /*
246 * Swap the records (ordered by frequency of access)
247 */
1c79356b
A		 248 if ((srcDesc->kind == kBTIndexNode) ||
249 (srcDesc-> kind == kBTLeafNode)) {
250
3a60a9f5
A		 251 if (VTOVCB(vp)->vcbSigWord == kHFSPlusSigWord) {
252 error = hfs_swap_HFSPlusBTInternalNode (src, VTOC(vp)->c_fileid, direction);
39236c6e
A		 253 }
254#if CONFIG_HFS_STD
255 else {
3a60a9f5 256 error = hfs_swap_HFSBTInternalNode (src, VTOC(vp)->c_fileid, direction);
1c79356b 257 }
39236c6e 258#endif
1c79356b 259
3a60a9f5
A		 260 if (error) goto fail;
261
1c79356b
A		 262 } else if (srcDesc-> kind == kBTMapNode) {
263 /* Don't swap the bitmaps, they'll be done in the bitmap routines */
264
1c79356b 265 } else if (srcDesc-> kind == kBTHeaderNode) {
3a60a9f5
A		 266 /* The header's offset is hard-wired because we cannot trust the offset pointers. */
267 BTHeaderRec *srcHead = (BTHeaderRec *)((char *)src->buffer + sizeof(BTNodeDescriptor));
1c79356b
A		 268
269 srcHead->treeDepth = SWAP_BE16 (srcHead->treeDepth);
270
271 srcHead->rootNode = SWAP_BE32 (srcHead->rootNode);
272 srcHead->leafRecords = SWAP_BE32 (srcHead->leafRecords);
273 srcHead->firstLeafNode = SWAP_BE32 (srcHead->firstLeafNode);
274 srcHead->lastLeafNode = SWAP_BE32 (srcHead->lastLeafNode);
275
276 srcHead->nodeSize = SWAP_BE16 (srcHead->nodeSize);
277 srcHead->maxKeyLength = SWAP_BE16 (srcHead->maxKeyLength);
278
279 srcHead->totalNodes = SWAP_BE32 (srcHead->totalNodes);
280 srcHead->freeNodes = SWAP_BE32 (srcHead->freeNodes);
281
282 srcHead->clumpSize = SWAP_BE32 (srcHead->clumpSize);
283 srcHead->attributes = SWAP_BE32 (srcHead->attributes);
284
285 /* Don't swap srcHead->reserved1 */
3a60a9f5 286 /* Don't swap srcHead->btreeType; it's only one byte */
1c79356b
A		 287 /* Don't swap srcHead->reserved2 */
288 /* Don't swap srcHead->reserved3 */
289 /* Don't swap bitmap */
290 }
291
3a60a9f5
A		 292 /*
293 * If we are doing a swap from in-memory to on-disk, then swap the node
294 * descriptor and record offsets after we're done using them.
295 */
296 if (direction == kSwapBTNodeHostToBig) {
297 /*
cf7d32b8 298 * Sanity check and swap the forward and backward links.
593a1d5f
A		 299 * Ignore the header node since its forward and backwards links can legitimately
300 * point to itself.
3a60a9f5
A		 301 */
302 if (srcDesc->fLink >= btcb->totalNodes) {
cf7d32b8 303 panic("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
3a60a9f5
A		 304 error = fsBTInvalidHeaderErr;
305 goto fail;
306 }
593a1d5f
A		 307 if ((src->blockNum != 0) && (srcDesc->fLink == (u_int32_t) src->blockNum)) {
308 panic ("hfs_UNswap_BTNode: invalid forward link (0x%08x == 0x%08x)\n",
309 srcDesc->fLink, (u_int32_t) src->blockNum);
310 error = fsBTInvalidHeaderErr;
311 goto fail;
312 }
313
3a60a9f5 314 if (srcDesc->bLink >= btcb->totalNodes) {
cf7d32b8 315 panic("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
3a60a9f5
A		 316 error = fsBTInvalidHeaderErr;
317 goto fail;
318 }
593a1d5f
A		 319 if ((src->blockNum != 0) && (srcDesc->bLink == (u_int32_t) src->blockNum)) {
320 panic ("hfs_UNswap_BTNode: invalid backward link (0x%08x == 0x%08x)\n",
321 srcDesc->bLink, (u_int32_t) src->blockNum);
322 error = fsBTInvalidHeaderErr;
323 goto fail;
324 }
325
326
1c79356b
A		 327 srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
328 srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);
329
3a60a9f5
A		 330 /*
331 * Check srcDesc->kind. Don't swap it because it's only one byte.
332 */
333 if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
cf7d32b8 334 panic("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
3a60a9f5
A		 335 error = fsBTInvalidHeaderErr;
336 goto fail;
337 }
338
339 /*
340 * Check srcDesc->height. Don't swap it because it's only one byte.
341 */
6d2010ae 342 if (srcDesc->height > kMaxTreeDepth) {
cf7d32b8 343 panic("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height);
3a60a9f5
A		 344 error = fsBTInvalidHeaderErr;
345 goto fail;
346 }
347
1c79356b
A		 348 /* Don't swap srcDesc->reserved */
349
3a60a9f5
A		 350 /*
351 * Swap the node offsets (including the free space one!).
352 */
2d21ac55 353 srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t))));
1c79356b 354
3a60a9f5
A		 355 /*
356 * Sanity check that the record offsets are within the node itself.
357 */
358 if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
359 (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
cf7d32b8 360 panic("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
3a60a9f5
A		 361 error = fsBTInvalidHeaderErr;
362 goto fail;
1c79356b
A		 363 }
364
3a60a9f5
A		 365 /*
366 * Swap and sanity check each of the record offsets.
367 */
368 for (i = 0; i <= srcDesc->numRecords; i++) {
369 /*
370 * Sanity check: must be even, and within the node itself.
371 *
372 * We may be called to swap an unused node, which contains all zeroes.
935ed37a 373 * This can happen when the last record from a node gets deleted.
3a60a9f5 374 * This is why we allow the record offset to be zero.
935ed37a
A		 375 * Unused nodes are expected only when allow_empty_node is true
376 * (the caller should set it to true for kSwapBTNodeBigToHost).
3a60a9f5 377 */
935ed37a
A		 378 if ((srcOffs[i] & 1) ||
379 ((allow_empty_node == false) && (srcOffs[i] == 0)) ||
380 (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) ||
381 (srcOffs[i] >= src->blockSize)) {
cf7d32b8 382 panic("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
3a60a9f5
A		 383 error = fsBTInvalidHeaderErr;
384 goto fail;
385 }
386
387 /*
388 * Make sure the offsets are strictly increasing. Note that we're looping over
389 * them backwards, hence the order in the comparison.
390 */
391 if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) {
cf7d32b8 392 panic("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
3a60a9f5
A		 393 srcDesc->numRecords-i-2, srcDesc->numRecords-i-1, srcOffs[i+1], srcOffs[i]);
394 error = fsBTInvalidHeaderErr;
395 goto fail;
1c79356b
A		 396 }
397
398 srcOffs[i] = SWAP_BE16 (srcOffs[i]);
399 }
400
401 srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
402 }
3a60a9f5
A		 403
404fail:
405 if (error) {
406 /*
407 * Log some useful information about where the corrupt node is.
408 */
b0d623f7 409 printf("hfs: node=%lld fileID=%u volume=%s device=%s\n", src->blockNum, VTOC(vp)->c_fileid,
3a60a9f5 410 VTOVCB(vp)->vcbVN, vfs_statfs(vnode_mount(vp))->f_mntfromname);
fe8ab488 411 hfs_mark_inconsistent(VTOVCB(vp), HFS_INCONSISTENCY_DETECTED);
3a60a9f5
A		 412 }
413
1c79356b
A		 414 return (error);
415}
416
6d2010ae 417int
1c79356b
A		 418hfs_swap_HFSPlusBTInternalNode (
419 BlockDescriptor *src,
420 HFSCatalogNodeID fileID,
3a60a9f5 421 enum HFSBTSwapDirection direction
1c79356b
A		 422)
423{
424 BTNodeDescriptor *srcDesc = src->buffer;
2d21ac55
A		 425 u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t))));
426 char *nextRecord; /* Points to start of record following current one */
427
428 /*
429 * i is an int32 because it needs to be negative to index the offset to free space.
430 * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit so this should be ok.
431 */
432
433 int32_t i;
434 u_int32_t j;
1c79356b 435
1c79356b
A		 436 if (fileID == kHFSExtentsFileID) {
437 HFSPlusExtentKey *srcKey;
438 HFSPlusExtentDescriptor *srcRec;
3a60a9f5 439 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
1c79356b 440
3a60a9f5 441 if (srcDesc->kind == kBTIndexNode)
2d21ac55 442 recordSize = sizeof(u_int32_t);
3a60a9f5
A		 443 else
444 recordSize = sizeof(HFSPlusExtentDescriptor);
445
1c79356b 446 for (i = 0; i < srcDesc->numRecords; i++) {
3a60a9f5 447 /* Point to the start of the record we're currently checking. */
1c79356b 448 srcKey = (HFSPlusExtentKey *)((char *)src->buffer + srcOffs[i]);
3a60a9f5
A		 449
450 /*
451 * Point to start of next (larger offset) record. We'll use this
452 * to be sure the current record doesn't overflow into the next
453 * record.
454 */
455 nextRecord = (char *)src->buffer + srcOffs[i-1];
1c79356b 456
3a60a9f5
A		 457 /*
458 * Make sure the key and data are within the buffer. Since both key
459 * and data are fixed size, this is relatively easy. Note that this
460 * relies on the keyLength being a constant; we verify the keyLength
461 * below.
462 */
463 if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {
cf7d32b8
A		 464 if (direction == kSwapBTNodeHostToBig) {
465 panic("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
466 } else {
467 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
468 }
3a60a9f5
A		 469 return fsBTInvalidNodeErr;
470 }
471
472 if (direction == kSwapBTNodeBigToHost)
473 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
474 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
cf7d32b8
A		 475 if (direction == kSwapBTNodeHostToBig) {
476 panic("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
477 } else {
478 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
479 }
3a60a9f5
A		 480 return fsBTInvalidNodeErr;
481 }
482 srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
483 if (direction == kSwapBTNodeHostToBig)
484 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
1c79356b 485
3a60a9f5 486 /* Don't swap srcKey->forkType; it's only one byte */
1c79356b
A		 487 /* Don't swap srcKey->pad */
488
489 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
490 srcKey->startBlock = SWAP_BE32 (srcKey->startBlock);
491
1c79356b 492 if (srcDesc->kind == kBTIndexNode) {
3a60a9f5 493 /* For index nodes, the record data is just a child node number. */
2d21ac55 494 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
3a60a9f5
A		 495 } else {
496 /* Swap the extent data */
497 for (j = 0; j < kHFSPlusExtentDensity; j++) {
498 srcRec[j].startBlock = SWAP_BE32 (srcRec[j].startBlock);
499 srcRec[j].blockCount = SWAP_BE32 (srcRec[j].blockCount);
500 }
1c79356b
A		 501 }
502 }
503
504 } else if (fileID == kHFSCatalogFileID) {
505 HFSPlusCatalogKey *srcKey;
2d21ac55 506 int16_t *srcPtr;
3a60a9f5
A		 507 u_int16_t keyLength;
508
1c79356b 509 for (i = 0; i < srcDesc->numRecords; i++) {
3a60a9f5 510 /* Point to the start of the record we're currently checking. */
1c79356b
A		 511 srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);
512
3a60a9f5
A		 513 /*
514 * Point to start of next (larger offset) record. We'll use this
515 * to be sure the current record doesn't overflow into the next
516 * record.
517 */
b0d623f7 518 nextRecord = (char *)src->buffer + (uintptr_t)(srcOffs[i-1]);
3a60a9f5
A		 519
520 /*
cf7d32b8
A		 521 * Make sure we can safely dereference the keyLength and parentID fields.
522 */
3a60a9f5 523 if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) {
cf7d32b8
A		 524 if (direction == kSwapBTNodeHostToBig) {
525 panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
526 } else {
527 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
528 }
3a60a9f5
A		 529 return fsBTInvalidNodeErr;
530 }
531
532 /*
533 * Swap and sanity check the key length
534 */
535 if (direction == kSwapBTNodeBigToHost)
536 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
537 keyLength = srcKey->keyLength; /* Put it in a local (native order) because we use it several times */
538 if (direction == kSwapBTNodeHostToBig)
539 srcKey->keyLength = SWAP_BE16 (keyLength);
1c79356b 540
3a60a9f5
A		 541 /* Sanity check the key length */
542 if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) {
cf7d32b8
A		 543 if (direction == kSwapBTNodeHostToBig) {
544 panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
545 } else {
546 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
547 }
3a60a9f5
A		 548 return fsBTInvalidNodeErr;
549 }
550
551 /*
552 * Make sure that we can safely dereference the record's type field or
553 * an index node's child node number.
554 */
2d21ac55
A		 555 srcPtr = (int16_t *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
556 if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) {
cf7d32b8
A		 557 if (direction == kSwapBTNodeHostToBig) {
558 panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
559 } else {
560 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
561 }
3a60a9f5
A		 562 return fsBTInvalidNodeErr;
563 }
564
1c79356b
A		 565 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
566
3a60a9f5
A		 567 /*
568 * Swap and sanity check the key's node name
569 */
570 if (direction == kSwapBTNodeBigToHost)
571 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
572 /* Make sure name length is consistent with key length */
573 if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
574 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) {
cf7d32b8
A		 575 if (direction == kSwapBTNodeHostToBig) {
576 panic("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n",
577 srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
578 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
579 } else {
580 printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n",
581 srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
582 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
583 }
3a60a9f5
A		 584 return fsBTInvalidNodeErr;
585 }
1c79356b
A		 586 for (j = 0; j < srcKey->nodeName.length; j++) {
587 srcKey->nodeName.unicode[j] = SWAP_BE16 (srcKey->nodeName.unicode[j]);
588 }
3a60a9f5
A		 589 if (direction == kSwapBTNodeHostToBig)
590 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
1c79356b 591
3a60a9f5
A		 592 /*
593 * For index nodes, the record data is just the child's node number.
594 * Skip over swapping the various types of catalog record.
595 */
1c79356b 596 if (srcDesc->kind == kBTIndexNode) {
2d21ac55 597 *((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr));
1c79356b
A		 598 continue;
599 }
600
3a60a9f5
A		 601 /* Make sure the recordType is in native order before using it. */
602 if (direction == kSwapBTNodeBigToHost)
603 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1c79356b
A		 604
605 if (srcPtr[0] == kHFSPlusFolderRecord) {
606 HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr;
3a60a9f5 607 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
cf7d32b8
A		 608 if (direction == kSwapBTNodeHostToBig) {
609 panic("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
610 } else {
611 printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
612 }
3a60a9f5
A		 613 return fsBTInvalidNodeErr;
614 }
615
1c79356b
A		 616 srcRec->flags = SWAP_BE16 (srcRec->flags);
617 srcRec->valence = SWAP_BE32 (srcRec->valence);
618 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
619 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
620 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
621 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
622 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
623 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
624
625 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
626 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
627
3a60a9f5
A		 628 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
629 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
1c79356b
A		 630
631 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
632 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
633
634 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
635
636 /* Don't swap srcRec->userInfo */
637 /* Don't swap srcRec->finderInfo */
2d21ac55
A		 638 srcRec->folderCount = SWAP_BE32 (srcRec->folderCount);
639
1c79356b
A		 640 } else if (srcPtr[0] == kHFSPlusFileRecord) {
641 HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr;
3a60a9f5 642 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
cf7d32b8
A		 643 if (direction == kSwapBTNodeHostToBig) {
644 panic("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
645 } else {
646 printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
647 }
3a60a9f5
A		 648 return fsBTInvalidNodeErr;
649 }
1c79356b
A		 650
651 srcRec->flags = SWAP_BE16 (srcRec->flags);
652
653 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
654
655 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
656 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
657 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
658 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
659 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
660
661 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
662 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
663
3a60a9f5
A		 664 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
665 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
1c79356b
A		 666
667 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
668 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
669
670 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
2d21ac55
A		 671
672 /* If kHFSHasLinkChainBit is set, reserved1 is hl_FirstLinkID.
cf7d32b8
A		 673 * In all other context, it is expected to be zero.
674 */
2d21ac55
A		 675 srcRec->reserved1 = SWAP_BE32 (srcRec->reserved1);
676
1c79356b
A		 677 /* Don't swap srcRec->userInfo */
678 /* Don't swap srcRec->finderInfo */
679 /* Don't swap srcRec->reserved2 */
680
681 hfs_swap_HFSPlusForkData (&srcRec->dataFork);
682 hfs_swap_HFSPlusForkData (&srcRec->resourceFork);
683
684 } else if ((srcPtr[0] == kHFSPlusFolderThreadRecord) ||
685 (srcPtr[0] == kHFSPlusFileThreadRecord)) {
686
3a60a9f5
A		 687 /*
688 * Make sure there is room for parentID and name length.
689 */
1c79356b 690 HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr;
3a60a9f5 691 if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) {
cf7d32b8
A		 692 if (direction == kSwapBTNodeHostToBig) {
693 panic("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
694 } else {
695 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
696 }
3a60a9f5
A		 697 return fsBTInvalidNodeErr;
698 }
699
1c79356b
A		 700 /* Don't swap srcRec->reserved */
701
702 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
703
3a60a9f5
A		 704 if (direction == kSwapBTNodeBigToHost)
705 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
706
707 /*
708 * Make sure there is room for the name in the buffer.
709 * Then swap the characters of the name itself.
710 */
711 if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) {
cf7d32b8
A		 712 if (direction == kSwapBTNodeHostToBig) {
713 panic("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
714 } else {
715 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
716 }
3a60a9f5
A		 717 return fsBTInvalidNodeErr;
718 }
1c79356b
A		 719 for (j = 0; j < srcRec->nodeName.length; j++) {
720 srcRec->nodeName.unicode[j] = SWAP_BE16 (srcRec->nodeName.unicode[j]);
721 }
3a60a9f5
A		 722
723 if (direction == kSwapBTNodeHostToBig)
724 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
1c79356b
A		 725
726 } else {
cf7d32b8
A		 727 if (direction == kSwapBTNodeHostToBig) {
728 panic("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
729 } else {
730 printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
731 }
3a60a9f5 732 return fsBTInvalidNodeErr;
1c79356b
A		 733 }
734
3a60a9f5
A		 735 /* We can swap the record type now that we're done using it. */
736 if (direction == kSwapBTNodeHostToBig)
737 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1c79356b
A		 738 }
739
91447636
A		 740 } else if (fileID == kHFSAttributesFileID) {
741 HFSPlusAttrKey *srcKey;
742 HFSPlusAttrRecord *srcRec;
3a60a9f5
A		 743 u_int16_t keyLength;
744 u_int32_t attrSize = 0;
745
91447636 746 for (i = 0; i < srcDesc->numRecords; i++) {
3a60a9f5 747 /* Point to the start of the record we're currently checking. */
91447636 748 srcKey = (HFSPlusAttrKey *)((char *)src->buffer + srcOffs[i]);
3a60a9f5
A		 749
750 /*
751 * Point to start of next (larger offset) record. We'll use this
752 * to be sure the current record doesn't overflow into the next
753 * record.
754 */
755 nextRecord = (char *)src->buffer + srcOffs[i-1];
756
757 /* Make sure there is room in the buffer for a minimal key */
758 if ((char *) &srcKey->attrName[1] > nextRecord) {
cf7d32b8
A		 759 if (direction == kSwapBTNodeHostToBig) {
760 panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
761 } else {
762 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
763 }
3a60a9f5
A		 764 return fsBTInvalidNodeErr;
765 }
91447636 766
3a60a9f5
A		 767 /* Swap the key length field */
768 if (direction == kSwapBTNodeBigToHost)
769 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
770 keyLength = srcKey->keyLength; /* Keep a copy in native order */
771 if (direction == kSwapBTNodeHostToBig)
772 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
773
774 /*
775 * Make sure that we can safely dereference the record's type field or
776 * an index node's child node number.
777 */
778 srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
779 if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) {
cf7d32b8
A		 780 if (direction == kSwapBTNodeHostToBig) {
781 panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
782 } else {
783 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
784 }
3a60a9f5
A		 785 return fsBTInvalidNodeErr;
786 }
91447636
A		 787
788 srcKey->fileID = SWAP_BE32(srcKey->fileID);
789 srcKey->startBlock = SWAP_BE32(srcKey->startBlock);
3a60a9f5
A		 790
791 /*
792 * Swap and check the attribute name
793 */
794 if (direction == kSwapBTNodeBigToHost)
795 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
796 /* Sanity check the attribute name length */
797 if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) {
cf7d32b8
A		 798 if (direction == kSwapBTNodeHostToBig) {
799 panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
800 } else {
801 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
802 }
3a60a9f5
A		 803 return fsBTInvalidNodeErr;
804 }
91447636
A		 805 for (j = 0; j < srcKey->attrNameLen; j++)
806 srcKey->attrName[j] = SWAP_BE16(srcKey->attrName[j]);
3a60a9f5
A		 807 if (direction == kSwapBTNodeHostToBig)
808 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
91447636 809
3a60a9f5
A		 810 /*
811 * For index nodes, the record data is just the child's node number.
812 * Skip over swapping the various types of attribute record.
813 */
91447636 814 if (srcDesc->kind == kBTIndexNode) {
2d21ac55 815 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
91447636
A		 816 continue;
817 }
818
3a60a9f5
A		 819 /* Swap the record data */
820 if (direction == kSwapBTNodeBigToHost)
821 srcRec->recordType = SWAP_BE32(srcRec->recordType);
91447636
A		 822 switch (srcRec->recordType) {
823 case kHFSPlusAttrInlineData:
3a60a9f5
A		 824 /* Is there room for the inline data header? */
825 if ((char *) &srcRec->attrData.attrData[0] > nextRecord) {
cf7d32b8
A		 826 if (direction == kSwapBTNodeHostToBig) {
827 panic("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
828 } else {
829 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
830 }
3a60a9f5
A		 831 return fsBTInvalidNodeErr;
832 }
833
91447636 834 /* We're not swapping the reserved fields */
3a60a9f5
A		 835
836 /* Swap the attribute size */
837 if (direction == kSwapBTNodeHostToBig)
838 attrSize = srcRec->attrData.attrSize;
91447636 839 srcRec->attrData.attrSize = SWAP_BE32(srcRec->attrData.attrSize);
3a60a9f5
A		 840 if (direction == kSwapBTNodeBigToHost)
841 attrSize = srcRec->attrData.attrSize;
842
843 /* Is there room for the inline attribute data? */
844 if ((char *) &srcRec->attrData.attrData[attrSize] > nextRecord) {
cf7d32b8
A		 845 if (direction == kSwapBTNodeHostToBig) {
846 panic("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
847 } else {
848 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
849 }
3a60a9f5
A		 850 return fsBTInvalidNodeErr;
851 }
852
853 /* Not swapping the attribute data itself */
91447636 854 break;
3a60a9f5 855
91447636 856 case kHFSPlusAttrForkData:
3a60a9f5
A		 857 /* Is there room for the fork data record? */
858 if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) {
cf7d32b8
A		 859 if (direction == kSwapBTNodeHostToBig) {
860 panic("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
861 } else {
862 printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
863 }
3a60a9f5
A		 864 return fsBTInvalidNodeErr;
865 }
866
91447636 867 /* We're not swapping the reserved field */
3a60a9f5 868
91447636
A		 869 hfs_swap_HFSPlusForkData(&srcRec->forkData.theFork);
870 break;
3a60a9f5 871
91447636 872 case kHFSPlusAttrExtents:
3a60a9f5
A		 873 /* Is there room for an extent record? */
874 if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) {
cf7d32b8
A		 875 if (direction == kSwapBTNodeHostToBig) {
876 panic("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
877 } else {
878 printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
879 }
3a60a9f5
A		 880 return fsBTInvalidNodeErr;
881 }
882
91447636 883 /* We're not swapping the reserved field */
3a60a9f5 884
91447636
A		 885 for (j = 0; j < kHFSPlusExtentDensity; j++) {
886 srcRec->overflowExtents.extents[j].startBlock =
887 SWAP_BE32(srcRec->overflowExtents.extents[j].startBlock);
888 srcRec->overflowExtents.extents[j].blockCount =
889 SWAP_BE32(srcRec->overflowExtents.extents[j].blockCount);
890 }
891 break;
892 }
3a60a9f5
A		 893 if (direction == kSwapBTNodeHostToBig)
894 srcRec->recordType = SWAP_BE32(srcRec->recordType);
91447636 895 }
55e303ae 896 } else if (fileID > kHFSFirstUserCatalogNodeID) {
3a60a9f5 897 /* The only B-tree with a non-system CNID that we use is the hotfile B-tree */
55e303ae 898 HotFileKey *srcKey;
2d21ac55 899 u_int32_t *srcRec;
55e303ae
A		 900
901 for (i = 0; i < srcDesc->numRecords; i++) {
3a60a9f5 902 /* Point to the start of the record we're currently checking. */
55e303ae
A		 903 srcKey = (HotFileKey *)((char *)src->buffer + srcOffs[i]);
904
3a60a9f5
A		 905 /*
906 * Point to start of next (larger offset) record. We'll use this
907 * to be sure the current record doesn't overflow into the next
908 * record.
909 */
910 nextRecord = (char *)src->buffer + srcOffs[i-1];
911
2d21ac55
A		 912 /* Make sure there is room for the key (HotFileKey) and data (u_int32_t) */
913 if ((char *)srcKey + sizeof(HotFileKey) + sizeof(u_int32_t) > nextRecord) {
cf7d32b8
A		 914 if (direction == kSwapBTNodeHostToBig) {
915 panic("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
916 } else {
917 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
918 }
3a60a9f5
A		 919 return fsBTInvalidNodeErr;
920 }
921
922 /* Swap and sanity check the key length field */
923 if (direction == kSwapBTNodeBigToHost)
55e303ae 924 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
3a60a9f5 925 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
cf7d32b8
A		 926 if (direction == kSwapBTNodeHostToBig) {
927 panic("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
928 } else {
929 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
930 }
3a60a9f5
A		 931 return fsBTInvalidNodeErr;
932 }
933 srcRec = (u_int32_t *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
934 if (direction == kSwapBTNodeHostToBig)
55e303ae
A		 935 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
936
937 /* Don't swap srcKey->forkType */
938 /* Don't swap srcKey->pad */
939
940 srcKey->temperature = SWAP_BE32 (srcKey->temperature);
941 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
942
2d21ac55 943 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
55e303ae 944 }
1c79356b 945 } else {
3a60a9f5 946 panic ("hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID);
1c79356b
A		 947 }
948
55e303ae 949
1c79356b
A		 950 return (0);
951}
952
39236c6e 953#if CONFIG_HFS_STD
6d2010ae 954int
1c79356b
A		 955hfs_swap_HFSBTInternalNode (
956 BlockDescriptor *src,
957 HFSCatalogNodeID fileID,
3a60a9f5 958 enum HFSBTSwapDirection direction
1c79356b
A		 959)
960{
961 BTNodeDescriptor *srcDesc = src->buffer;
2d21ac55 962 u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t))));
3a60a9f5 963 char *nextRecord; /* Points to start of record following current one */
1c79356b 964
2d21ac55
A		 965 /*
966 * i is an int32 because it needs to be negative to index the offset to free space.
967 * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit so this should be ok.
968 */
969 int32_t i;
970 u_int32_t j;
1c79356b 971
1c79356b
A		 972 if (fileID == kHFSExtentsFileID) {
973 HFSExtentKey *srcKey;
974 HFSExtentDescriptor *srcRec;
3a60a9f5 975 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
1c79356b 976
3a60a9f5 977 if (srcDesc->kind == kBTIndexNode)
2d21ac55 978 recordSize = sizeof(u_int32_t);
3a60a9f5
A		 979 else
980 recordSize = sizeof(HFSExtentDescriptor);
981
1c79356b 982 for (i = 0; i < srcDesc->numRecords; i++) {
3a60a9f5 983 /* Point to the start of the record we're currently checking. */
1c79356b
A		 984 srcKey = (HFSExtentKey *)((char *)src->buffer + srcOffs[i]);
985
3a60a9f5
A		 986 /*
987 * Point to start of next (larger offset) record. We'll use this
988 * to be sure the current record doesn't overflow into the next
989 * record.
990 */
991 nextRecord = (char *)src->buffer + srcOffs[i-1];
992
993 /*
994 * Make sure the key and data are within the buffer. Since both key
995 * and data are fixed size, this is relatively easy. Note that this
996 * relies on the keyLength being a constant; we verify the keyLength
997 * below.
998 */
999 if ((char *)srcKey + sizeof(HFSExtentKey) + recordSize > nextRecord) {
cf7d32b8
A		 1000 if (direction == kSwapBTNodeHostToBig) {
1001 panic("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
1002 } else {
1003 printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
1004 }
3a60a9f5
A		 1005 return fsBTInvalidNodeErr;
1006 }
1007
1008 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
1009 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
cf7d32b8
A		 1010 if (direction == kSwapBTNodeHostToBig) {
1011 panic("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
1012 } else {
1013 printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
1014 }
3a60a9f5
A		 1015 return fsBTInvalidNodeErr;
1016 }
1017
1018 /* Don't swap srcKey->forkType; it's only one byte */
1c79356b
A		 1019
1020 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
1021 srcKey->startBlock = SWAP_BE16 (srcKey->startBlock);
1022
1023 /* Point to record data (round up to even byte boundary) */
1024 srcRec = (HFSExtentDescriptor *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
1025
1c79356b 1026 if (srcDesc->kind == kBTIndexNode) {
3a60a9f5 1027 /* For index nodes, the record data is just a child node number. */
2d21ac55 1028 *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec));
3a60a9f5
A		 1029 } else {
1030 /* Swap the extent data */
1031 for (j = 0; j < kHFSExtentDensity; j++) {
1032 srcRec[j].startBlock = SWAP_BE16 (srcRec[j].startBlock);
1033 srcRec[j].blockCount = SWAP_BE16 (srcRec[j].blockCount);
1034 }
1c79356b
A		 1035 }
1036 }
1037
1038 } else if (fileID == kHFSCatalogFileID) {
1039 HFSCatalogKey *srcKey;
2d21ac55 1040 int16_t *srcPtr;
3a60a9f5
A		 1041 unsigned expectedKeyLength;
1042
1c79356b 1043 for (i = 0; i < srcDesc->numRecords; i++) {
3a60a9f5 1044 /* Point to the start of the record we're currently checking. */
1c79356b
A		 1045 srcKey = (HFSCatalogKey *)((char *)src->buffer + srcOffs[i]);
1046
3a60a9f5
A		 1047 /*
1048 * Point to start of next (larger offset) record. We'll use this
1049 * to be sure the current record doesn't overflow into the next
1050 * record.
1051 */
1052 nextRecord = (char *)src->buffer + srcOffs[i-1];
1053
1054 /*
1055 * Make sure we can safely dereference the keyLength and parentID fields.
1056 * The value 8 below is 1 bytes for keyLength + 1 byte reserved + 4 bytes
1057 * for parentID + 1 byte for nodeName's length + 1 byte to round up the
1058 * record start to an even offset, which forms a minimal key.
1059 */
1060 if ((char *)srcKey + 8 > nextRecord) {
cf7d32b8
A		 1061 if (direction == kSwapBTNodeHostToBig) {
1062 panic("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
1063 } else {
1064 printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
1065 }
3a60a9f5
A		 1066 return fsBTInvalidNodeErr;
1067 }
1068
1069 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
1070 if (srcKey->keyLength < kHFSCatalogKeyMinimumLength || srcKey->keyLength > kHFSCatalogKeyMaximumLength) {
cf7d32b8
A		 1071 if (direction == kSwapBTNodeHostToBig) {
1072 panic("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
1073 } else {
1074 printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
1075 }
3a60a9f5
A		 1076 return fsBTInvalidNodeErr;
1077 }
1078
1c79356b
A		 1079 /* Don't swap srcKey->reserved */
1080
1081 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
1082
1083 /* Don't swap srcKey->nodeName */
3a60a9f5
A		 1084
1085 /* Make sure the keyLength is big enough for the key's content */
1086 if (srcDesc->kind == kBTIndexNode)
1087 expectedKeyLength = sizeof(*srcKey) - sizeof(srcKey->keyLength);
1088 else
1089 expectedKeyLength = srcKey->nodeName[0] + kHFSCatalogKeyMinimumLength;
1090 if (srcKey->keyLength < expectedKeyLength) {
cf7d32b8
A		 1091 if (direction == kSwapBTNodeHostToBig) {
1092 panic("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
1093 srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength);
1094 } else {
1095 printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
1096 srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength);
1097 }
3a60a9f5
A		 1098 return fsBTInvalidNodeErr;
1099 }
1c79356b
A		 1100
1101 /* Point to record data (round up to even byte boundary) */
2d21ac55 1102 srcPtr = (int16_t *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
1c79356b 1103
3a60a9f5
A		 1104 /*
1105 * Make sure that we can safely dereference the record's type field or
1106 * and index node's child node number.
1107 */
2d21ac55 1108 if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) {
cf7d32b8
A		 1109 if (direction == kSwapBTNodeHostToBig) {
1110 panic("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
1111 } else {
1112 printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
1113 }
3a60a9f5
A		 1114 return fsBTInvalidNodeErr;
1115 }
1116
1117 /*
1118 * For index nodes, the record data is just the child's node number.
1119 * Skip over swapping the various types of catalog record.
1120 */
1c79356b 1121 if (srcDesc->kind == kBTIndexNode) {
2d21ac55 1122 *((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr));
1c79356b
A		 1123 continue;
1124 }
1125
3a60a9f5
A		 1126 /* Make sure the recordType is in native order before using it. */
1127 if (direction == kSwapBTNodeBigToHost)
1128 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1c79356b
A		 1129
1130 if (srcPtr[0] == kHFSFolderRecord) {
1131 HFSCatalogFolder *srcRec = (HFSCatalogFolder *)srcPtr;
3a60a9f5 1132 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
cf7d32b8
A		 1133 if (direction == kSwapBTNodeHostToBig) {
1134 panic("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
1135 } else {
1136 printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
1137 }
3a60a9f5
A		 1138 return fsBTInvalidNodeErr;
1139 }
1c79356b
A		 1140
1141 srcRec->flags = SWAP_BE16 (srcRec->flags);
1142 srcRec->valence = SWAP_BE16 (srcRec->valence);
1143
1144 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
1145 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
1146 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
1147 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
1148
1149 /* Don't swap srcRec->userInfo */
1150 /* Don't swap srcRec->finderInfo */
1151 /* Don't swap resserved array */
1152
1153 } else if (srcPtr[0] == kHFSFileRecord) {
1154 HFSCatalogFile *srcRec = (HFSCatalogFile *)srcPtr;
3a60a9f5 1155 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
cf7d32b8
A		 1156 if (direction == kSwapBTNodeHostToBig) {
1157 panic("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
1158 } else {
1159 printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
1160 }
3a60a9f5
A		 1161 return fsBTInvalidNodeErr;
1162 }
1c79356b
A		 1163
1164 srcRec->flags = srcRec->flags;
1165 srcRec->fileType = srcRec->fileType;
1166
1167 /* Don't swap srcRec->userInfo */
1168
1169 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
1170
1171 srcRec->dataStartBlock = SWAP_BE16 (srcRec->dataStartBlock);
1172 srcRec->dataLogicalSize = SWAP_BE32 (srcRec->dataLogicalSize);
1173 srcRec->dataPhysicalSize = SWAP_BE32 (srcRec->dataPhysicalSize);
1174
1175 srcRec->rsrcStartBlock = SWAP_BE16 (srcRec->rsrcStartBlock);
1176 srcRec->rsrcLogicalSize = SWAP_BE32 (srcRec->rsrcLogicalSize);
1177 srcRec->rsrcPhysicalSize = SWAP_BE32 (srcRec->rsrcPhysicalSize);
1178
1179 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
1180 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
1181 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
1182
1183 /* Don't swap srcRec->finderInfo */
1184
1185 srcRec->clumpSize = SWAP_BE16 (srcRec->clumpSize);
1186
2d21ac55 1187 /* Swap the two sets of extents as an array of six (three each) u_int16_t */
1c79356b
A		 1188 for (j = 0; j < kHFSExtentDensity * 2; j++) {
1189 srcRec->dataExtents[j].startBlock = SWAP_BE16 (srcRec->dataExtents[j].startBlock);
1190 srcRec->dataExtents[j].blockCount = SWAP_BE16 (srcRec->dataExtents[j].blockCount);
1191 }
1192
1193 /* Don't swap srcRec->reserved */
1194
1195 } else if ((srcPtr[0] == kHFSFolderThreadRecord) ||
1196 (srcPtr[0] == kHFSFileThreadRecord)) {
1c79356b 1197 HFSCatalogThread *srcRec = (HFSCatalogThread *)srcPtr;
3a60a9f5
A		 1198
1199 /* Make sure there is room for parentID and name length */
1200 if ((char *) &srcRec->nodeName[1] > nextRecord) {
cf7d32b8
A		 1201 if (direction == kSwapBTNodeHostToBig) {
1202 panic("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
1203 } else {
1204 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
1205 }
3a60a9f5
A		 1206 return fsBTInvalidNodeErr;
1207 }
1c79356b
A		 1208
1209 /* Don't swap srcRec->reserved array */
1210
1211 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
1212
1213 /* Don't swap srcRec->nodeName */
3a60a9f5
A		 1214
1215 /* Make sure there is room for the name in the buffer */
1216 if ((char *) &srcRec->nodeName[srcRec->nodeName[0]] > nextRecord) {
cf7d32b8
A		 1217 if (direction == kSwapBTNodeHostToBig) {
1218 panic("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
1219 } else {
1220 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
1221 }
3a60a9f5
A		 1222 return fsBTInvalidNodeErr;
1223 }
1c79356b 1224 } else {
cf7d32b8
A		 1225 if (direction == kSwapBTNodeHostToBig) {
1226 panic("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
1227 } else {
1228 printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
1229 }
3a60a9f5 1230 return fsBTInvalidNodeErr;
1c79356b
A		 1231 }
1232
3a60a9f5
A		 1233 /* We can swap the record type now that we're done using it */
1234 if (direction == kSwapBTNodeHostToBig)
1235 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1c79356b
A		 1236 }
1237
1238 } else {
3a60a9f5 1239 panic ("hfs_swap_HFSBTInternalNode: fileID %u is not a system B-tree\n", fileID);
1c79356b
A		 1240 }
1241
1242 return (0);
1243}
39236c6e
A		 1244#endif
1245
mirror of XNU