xnu-792.13.8.tar.gz
1 /*
2 * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_OSREFERENCE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the
10 * License may not be used to create, or enable the creation or
11 * redistribution of, unlawful or unlicensed copies of an Apple operating
12 * system, or to circumvent, violate, or enable the circumvention or
13 * violation of, any terms of an Apple operating system software license
14 * agreement.
15 *
16 * Please obtain a copy of the License at
17 * http://www.opensource.apple.com/apsl/ and read it before using this
18 * file.
19 *
20 * The Original Code and all software distributed under the License are
21 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
22 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
23 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
25 * Please see the License for the specific language governing rights and
26 * limitations under the License.
27 *
28 * @APPLE_LICENSE_OSREFERENCE_HEADER_END@
29 */
30
31 /*
32 * hfs_endian.c
33 *
34 * This file implements endian swapping routines for the HFS/HFS Plus
35 * volume format.
36 */
37
38 #include "hfs_endian.h"
39 #include "hfs_dbg.h"
40 #include "hfscommon/headers/BTreesPrivate.h"
41
42 #undef ENDIAN_DEBUG
43
/*
 * Internal swapping routines
 *
 * Forward declarations for the helpers that swap the records stored in
 * leaf and index nodes.  The key and record layout differs from one kind
 * of B-tree to another; the B-tree is identified by fileID.
 *
 * direction must be kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
 * kSwapBTNodeHeaderRecordOnly is not a valid "direction" for these routines.
 */
static int hfs_swap_HFSPlusBTInternalNode (
	BlockDescriptor *src,
	HFSCatalogNodeID fileID,
	enum HFSBTSwapDirection direction
);
static int hfs_swap_HFSBTInternalNode (
	BlockDescriptor *src,
	HFSCatalogNodeID fileID,
	enum HFSBTSwapDirection direction
);
56
/*
 * hfs_swap_HFSPlusForkData
 *
 * Byte-swap, in place, every multi-byte field of an HFS Plus fork data
 * record: the logical size, the clump size, the total block count, and the
 * start block / block count of each of the kHFSPlusExtentDensity extents.
 *
 * The routine takes no direction argument; the same SWAP_BE* macros are
 * applied whichever way the caller is converting.  It performs no bounds
 * checking of its own, so the caller must already have verified that the
 * whole structure lies inside the node buffer.
 */
static void
hfs_swap_HFSPlusForkData (
	HFSPlusForkData *src
)
{
	int extentIndex = 0;

	/* Scalar fields first. */
	src->logicalSize = SWAP_BE64 (src->logicalSize);
	src->clumpSize = SWAP_BE32 (src->clumpSize);
	src->totalBlocks = SWAP_BE32 (src->totalBlocks);

	/* Then each extent descriptor in the fixed-size extent array. */
	while (extentIndex < kHFSPlusExtentDensity) {
		src->extents[extentIndex].startBlock = SWAP_BE32 (src->extents[extentIndex].startBlock);
		src->extents[extentIndex].blockCount = SWAP_BE32 (src->extents[extentIndex].blockCount);
		extentIndex++;
	}
}
77
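/*
 * hfs_swap_BTNode
 *
 * Validate and byte-swap one B-tree node in place.
 *
 * NOTE: This operation is not naturally symmetric.
 *       We have to determine which way we're swapping things.
 *
 * For kSwapBTNodeBigToHost the node descriptor and the record offsets are
 * swapped and sanity checked first, because the record swapping needs them
 * in host order.  For kSwapBTNodeHostToBig they are checked and swapped
 * last, once the records have been handled.  For any other direction value
 * (kSwapBTNodeHeaderRecordOnly) neither of those two blocks runs and only
 * the records are processed.
 *
 * src        Block descriptor.  src->buffer holds the node, src->blockSize
 *            is the node size in bytes, src->blockNum is used for logging.
 * vp         Vnode of the B-tree file.  Supplies the B-tree control block,
 *            the volume signature and the file ID.
 * direction  Which way to swap (see above).
 *
 * Returns 0 on success.  When a sanity check fails, returns
 * fsBTInvalidHeaderErr (or the error from the record swapping routine),
 * logs where the node lives and sets kHFS_DamagedVolume in vcbFlags.
 * Checks and swaps are interleaved, so the buffer may be left partially
 * swapped when an error is returned; callers must not use it.
 *
 * The node contents come from disk and must be treated as untrusted.  The
 * record count is therefore bounded arithmetically before any pointer into
 * the offset table is formed, and each record offset must lie between the
 * end of the node descriptor and the start of the offset table.
 */
int
hfs_swap_BTNode (
	BlockDescriptor *src,
	vnode_t vp,
	enum HFSBTSwapDirection direction
)
{
	BTNodeDescriptor *srcDesc = src->buffer;
	UInt16 *srcOffs = NULL;
	BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr;
	UInt32 i;
	size_t offsetBytes;		/* Size of the offset table: numRecords + 1 entries */
	size_t offsetTableStart;	/* Byte offset of the offset table within the node */
	int error = 0;

#ifdef ENDIAN_DEBUG
	if (direction == kSwapBTNodeBigToHost) {
		printf ("BE -> Native Swap\n");
	} else if (direction == kSwapBTNodeHostToBig) {
		printf ("Native -> BE Swap\n");
	} else if (direction == kSwapBTNodeHeaderRecordOnly) {
		printf ("Not swapping descriptors\n");
	} else {
		panic ("hfs_swap_BTNode: This is impossible");
	}
#endif

	/*
	 * If we are doing a swap from on-disk to in-memory, then swap the node
	 * descriptor and record offsets before we need to use them.
	 */
	if (direction == kSwapBTNodeBigToHost) {
		srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
		srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);

		/*
		 * When first opening a BTree, we have to read the header node before the
		 * control block is initialized.  In this case, totalNodes will be zero,
		 * so skip the bounds checking.
		 */
		if (btcb->totalNodes != 0) {
			if (srcDesc->fLink >= btcb->totalNodes) {
				printf("hfs_swap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
				error = fsBTInvalidHeaderErr;
				goto fail;
			}
			if (srcDesc->bLink >= btcb->totalNodes) {
				printf("hfs_swap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
				error = fsBTInvalidHeaderErr;
				goto fail;
			}
		}

		/*
		 * Check srcDesc->kind.  Don't swap it because it's only one byte.
		 */
		if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
			printf("hfs_swap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}

		/*
		 * Check srcDesc->height.  Don't swap it because it's only one byte.
		 */
		if (srcDesc->height > btcb->treeDepth) {
			printf("hfs_swap_BTNode: invalid node height (%d)\n", srcDesc->height);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}

		/* Don't swap srcDesc->reserved */

		srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);

		/*
		 * Sanity check that the record offsets are within the node itself.
		 *
		 * This is done on the sizes, before the pointer is computed.  A large
		 * numRecords would otherwise make the subtraction below wrap, and the
		 * check would depend on how out-of-range pointer arithmetic behaves.
		 * (The cast assumes blockSize is a non-negative byte count.)
		 */
		offsetBytes = ((size_t)srcDesc->numRecords + 1) * sizeof (UInt16);
		if ((size_t)src->blockSize < sizeof(BTNodeDescriptor) ||
		    offsetBytes > (size_t)src->blockSize - sizeof(BTNodeDescriptor)) {
			printf("hfs_swap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}

		/*
		 * Locate the node offsets (including the free space one!).
		 */
		offsetTableStart = (size_t)src->blockSize - offsetBytes;
		srcOffs = (UInt16 *)((char *)src->buffer + offsetTableStart);

		/*
		 * Swap and sanity check each of the record offsets.
		 */
		for (i = 0; i <= srcDesc->numRecords; i++) {
			srcOffs[i] = SWAP_BE16 (srcOffs[i]);

			/*
			 * Sanity check: must be even, and within the node itself.
			 *
			 * We may be called to swap an unused node, which contains all zeroes.
			 * Such a node has numRecords == 0, so a zero offset is accepted only
			 * in that case.  In a node that claims to hold records, a zero offset
			 * would place a record on top of the node descriptor.
			 *
			 * An offset may not point past the start of the offset table either;
			 * otherwise a record could overlap the table that is being walked.
			 */
			if ((srcOffs[i] & 1) ||
			    (srcOffs[i] < sizeof(BTNodeDescriptor) && (srcOffs[i] != 0 || srcDesc->numRecords != 0)) ||
			    (srcOffs[i] > offsetTableStart)) {
				printf("hfs_swap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				error = fsBTInvalidHeaderErr;
				goto fail;
			}

			/*
			 * Make sure the offsets are strictly increasing.  Note that we're looping over
			 * them backwards, hence the order in the comparison.
			 */
			if ((i != 0) && (srcOffs[i] >= srcOffs[i-1])) {
				printf("hfs_swap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
				    srcDesc->numRecords-i-1, srcDesc->numRecords-i, srcOffs[i], srcOffs[i-1]);
				error = fsBTInvalidHeaderErr;
				goto fail;
			}
		}
	}

	/*
	 * Swap the records (ordered by frequency of access)
	 */
	if ((srcDesc->kind == kBTIndexNode) ||
	    (srcDesc->kind == kBTLeafNode)) {

		if (VTOVCB(vp)->vcbSigWord == kHFSPlusSigWord) {
			error = hfs_swap_HFSPlusBTInternalNode (src, VTOC(vp)->c_fileid, direction);
		} else {
			error = hfs_swap_HFSBTInternalNode (src, VTOC(vp)->c_fileid, direction);
		}

		if (error) goto fail;

	} else if (srcDesc->kind == kBTMapNode) {
		/* Don't swap the bitmaps, they'll be done in the bitmap routines */

	} else if (srcDesc->kind == kBTHeaderNode) {
		/*
		 * The header's offset is hard-wired because we cannot trust the offset pointers.
		 *
		 * NOTE(review): nothing here checks that blockSize is large enough to
		 * hold a BTHeaderRec after the node descriptor, and with
		 * kSwapBTNodeHeaderRecordOnly none of the descriptor checks above run.
		 * Presumably the caller always passes a full node -- confirm.
		 */
		BTHeaderRec *srcHead = (BTHeaderRec *)((char *)src->buffer + sizeof(BTNodeDescriptor));

		srcHead->treeDepth = SWAP_BE16 (srcHead->treeDepth);

		srcHead->rootNode = SWAP_BE32 (srcHead->rootNode);
		srcHead->leafRecords = SWAP_BE32 (srcHead->leafRecords);
		srcHead->firstLeafNode = SWAP_BE32 (srcHead->firstLeafNode);
		srcHead->lastLeafNode = SWAP_BE32 (srcHead->lastLeafNode);

		srcHead->nodeSize = SWAP_BE16 (srcHead->nodeSize);
		srcHead->maxKeyLength = SWAP_BE16 (srcHead->maxKeyLength);

		srcHead->totalNodes = SWAP_BE32 (srcHead->totalNodes);
		srcHead->freeNodes = SWAP_BE32 (srcHead->freeNodes);

		srcHead->clumpSize = SWAP_BE32 (srcHead->clumpSize);
		srcHead->attributes = SWAP_BE32 (srcHead->attributes);

		/* Don't swap srcHead->reserved1 */
		/* Don't swap srcHead->btreeType; it's only one byte */
		/* Don't swap srcHead->reserved2 */
		/* Don't swap srcHead->reserved3 */
		/* Don't swap bitmap */
	}

	/*
	 * If we are doing a swap from in-memory to on-disk, then swap the node
	 * descriptor and record offsets after we're done using them.
	 *
	 * NOTE(review): in this direction the records above were already
	 * processed using numRecords and the offsets before the checks below
	 * run.  The in-memory node is presumably trusted -- confirm.
	 */
	if (direction == kSwapBTNodeHostToBig) {
		/*
		 * Sanity check and swap the forward and backward links.
		 */
		if (srcDesc->fLink >= btcb->totalNodes) {
			printf("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}
		if (srcDesc->bLink >= btcb->totalNodes) {
			printf("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}
		srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
		srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);

		/*
		 * Check srcDesc->kind.  Don't swap it because it's only one byte.
		 */
		if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
			printf("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}

		/*
		 * Check srcDesc->height.  Don't swap it because it's only one byte.
		 */
		if (srcDesc->height > btcb->treeDepth) {
			printf("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}

		/* Don't swap srcDesc->reserved */

		/*
		 * Sanity check that the record offsets are within the node itself.
		 * As in the other direction, bound the sizes before forming the pointer.
		 */
		offsetBytes = ((size_t)srcDesc->numRecords + 1) * sizeof (UInt16);
		if ((size_t)src->blockSize < sizeof(BTNodeDescriptor) ||
		    offsetBytes > (size_t)src->blockSize - sizeof(BTNodeDescriptor)) {
			printf("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
			error = fsBTInvalidHeaderErr;
			goto fail;
		}

		/*
		 * Locate the node offsets (including the free space one!).
		 */
		offsetTableStart = (size_t)src->blockSize - offsetBytes;
		srcOffs = (UInt16 *)((char *)src->buffer + offsetTableStart);

		/*
		 * Swap and sanity check each of the record offsets.
		 */
		for (i = 0; i <= srcDesc->numRecords; i++) {
			/*
			 * Sanity check: must be even, and within the node itself.
			 *
			 * We may be called to swap an unused node, which contains all zeroes.
			 * Such a node has numRecords == 0, so a zero offset is accepted only
			 * in that case.  Offsets may not point into the offset table.
			 */
			if ((srcOffs[i] & 1) ||
			    (srcOffs[i] < sizeof(BTNodeDescriptor) && (srcOffs[i] != 0 || srcDesc->numRecords != 0)) ||
			    (srcOffs[i] > offsetTableStart)) {
				printf("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				error = fsBTInvalidHeaderErr;
				goto fail;
			}

			/*
			 * Make sure the offsets are strictly increasing.  Note that we're looping over
			 * them backwards, hence the order in the comparison.  The next entry is still
			 * in host order here because each entry is swapped only after it is compared.
			 */
			if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) {
				printf("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
				    srcDesc->numRecords-i-2, srcDesc->numRecords-i-1, srcOffs[i+1], srcOffs[i]);
				error = fsBTInvalidHeaderErr;
				goto fail;
			}

			srcOffs[i] = SWAP_BE16 (srcOffs[i]);
		}

		/* Swapped last: the loop above needs numRecords in host order. */
		srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
	}

fail:
	if (error) {
		/*
		 * Log some useful information about where the corrupt node is.
		 */
		printf("node=%lld fileID=%u volume=%s device=%s\n", src->blockNum, VTOC(vp)->c_fileid,
		    VTOVCB(vp)->vcbVN, vfs_statfs(vnode_mount(vp))->f_mntfromname);
		VTOVCB(vp)->vcbFlags |= kHFS_DamagedVolume;
	}

	return (error);
}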
348
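/*
 * hfs_swap_HFSPlusBTInternalNode
 *
 * Validate and byte-swap, in place, the keys and records of one HFS Plus
 * leaf or index node.  The layout depends on which B-tree the node belongs
 * to: extents, catalog, attributes, or (for any fileID above
 * kHFSFirstUserCatalogNodeID) the hotfile B-tree.  Any other fileID panics.
 *
 * src        Block descriptor; src->buffer holds the node and
 *            src->blockSize is its size in bytes.
 * fileID     File ID of the B-tree that owns the node.
 * direction  kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
 *
 * Returns 0 on success, or fsBTInvalidNodeErr when a key or record fails a
 * sanity check.  Records handled before the failing one have already been
 * swapped, so the buffer must not be used after an error.
 *
 * This routine reads srcDesc->numRecords and the offset table in host byte
 * order and does not re-validate them.  It relies on the caller,
 * hfs_swap_BTNode, to have swapped and checked them first when reading from
 * disk.  Every record is bounded by the start of the following record
 * (nextRecord) before its fields are touched, because the contents come
 * from disk and are untrusted.
 */
static int
hfs_swap_HFSPlusBTInternalNode (
	BlockDescriptor *src,
	HFSCatalogNodeID fileID,
	enum HFSBTSwapDirection direction
)
{
	BTNodeDescriptor *srcDesc = src->buffer;
	/* Points at the offset of the last record; the free space offset sits just before it. */
	UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16))));
	char *nextRecord;	/* Points to start of record following current one */
	/*
	 * i must be signed.  For the first record, srcOffs[i-1] is meant to be
	 * srcOffs[-1], the free space offset.  With an unsigned 32-bit index,
	 * i-1 is 0xFFFFFFFF, which only reaches srcOffs[-1] where pointers are
	 * 32 bits wide; with wider pointers it indexes far outside the node.
	 * numRecords is 16 bits, so an int holds every index.
	 */
	int i;
	UInt32 j;

	if (fileID == kHFSExtentsFileID) {
		HFSPlusExtentKey *srcKey;
		HFSPlusExtentDescriptor *srcRec;
		size_t recordSize;	/* Size of the data part of the record, or node number for index nodes */

		if (srcDesc->kind == kBTIndexNode)
			recordSize = sizeof(UInt32);
		else
			recordSize = sizeof(HFSPlusExtentDescriptor);

		for (i = 0; i < srcDesc->numRecords; i++) {
			/* Point to the start of the record we're currently checking. */
			srcKey = (HFSPlusExtentKey *)((char *)src->buffer + srcOffs[i]);

			/*
			 * Point to start of next (larger offset) record.  We'll use this
			 * to be sure the current record doesn't overflow into the next
			 * record.
			 */
			nextRecord = (char *)src->buffer + srcOffs[i-1];

			/*
			 * Make sure the key and data are within the buffer.  Since both key
			 * and data are fixed size, this is relatively easy.  Note that this
			 * relies on the keyLength being a constant; we verify the keyLength
			 * below.
			 */
			if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {
				printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				return fsBTInvalidNodeErr;
			}

			/* keyLength is compared and used in host order, whichever way we are swapping. */
			if (direction == kSwapBTNodeBigToHost)
				srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
			if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
				printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
				return fsBTInvalidNodeErr;
			}
			srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
			if (direction == kSwapBTNodeHostToBig)
				srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);

			/* Don't swap srcKey->forkType; it's only one byte */
			/* Don't swap srcKey->pad */

			srcKey->fileID = SWAP_BE32 (srcKey->fileID);
			srcKey->startBlock = SWAP_BE32 (srcKey->startBlock);

			if (srcDesc->kind == kBTIndexNode) {
				/* For index nodes, the record data is just a child node number. */
				*((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
			} else {
				/* Swap the extent data */
				for (j = 0; j < kHFSPlusExtentDensity; j++) {
					srcRec[j].startBlock = SWAP_BE32 (srcRec[j].startBlock);
					srcRec[j].blockCount = SWAP_BE32 (srcRec[j].blockCount);
				}
			}
		}

	} else if (fileID == kHFSCatalogFileID) {
		HFSPlusCatalogKey *srcKey;
		SInt16 *srcPtr;
		u_int16_t keyLength;

		for (i = 0; i < srcDesc->numRecords; i++) {
			/* Point to the start of the record we're currently checking. */
			srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);

			/*
			 * Point to start of next (larger offset) record.  We'll use this
			 * to be sure the current record doesn't overflow into the next
			 * record.
			 */
			nextRecord = (char *)src->buffer + srcOffs[i-1];

			/*
			 * Make sure we can safely dereference the keyLength and parentID fields.
			 */
			if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) {
				printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				return fsBTInvalidNodeErr;
			}

			/*
			 * Swap and sanity check the key length
			 */
			if (direction == kSwapBTNodeBigToHost)
				srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
			keyLength = srcKey->keyLength;	/* Put it in a local (native order) because we use it several times */
			if (direction == kSwapBTNodeHostToBig)
				srcKey->keyLength = SWAP_BE16 (keyLength);

			/* Sanity check the key length */
			if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) {
				printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
				return fsBTInvalidNodeErr;
			}

			/*
			 * Make sure that we can safely dereference the record's type field or
			 * an index node's child node number.
			 */
			srcPtr = (SInt16 *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
			if ((char *)srcPtr + sizeof(UInt32) > nextRecord) {
				printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
				return fsBTInvalidNodeErr;
			}

			srcKey->parentID = SWAP_BE32 (srcKey->parentID);

			/*
			 * Swap and sanity check the key's node name
			 */
			if (direction == kSwapBTNodeBigToHost)
				srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
			/*
			 * Make sure name length is consistent with key length.  The key was
			 * bounded against nextRecord above, so this also keeps the name swap
			 * below inside the record.
			 */
			if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
			    srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) {
				/* The expected length is a size_t expression; cast it to match %d. */
				printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%d\n",
				    srcDesc->numRecords-i, keyLength, (int)(sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
				    srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])));
				return fsBTInvalidNodeErr;
			}
			for (j = 0; j < srcKey->nodeName.length; j++) {
				srcKey->nodeName.unicode[j] = SWAP_BE16 (srcKey->nodeName.unicode[j]);
			}
			if (direction == kSwapBTNodeHostToBig)
				srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);

			/*
			 * For index nodes, the record data is just the child's node number.
			 * Skip over swapping the various types of catalog record.
			 */
			if (srcDesc->kind == kBTIndexNode) {
				*((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr));
				continue;
			}

			/* Make sure the recordType is in native order before using it. */
			if (direction == kSwapBTNodeBigToHost)
				srcPtr[0] = SWAP_BE16 (srcPtr[0]);

			if (srcPtr[0] == kHFSPlusFolderRecord) {
				HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr;
				if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
					printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
					return fsBTInvalidNodeErr;
				}

				srcRec->flags = SWAP_BE16 (srcRec->flags);
				srcRec->valence = SWAP_BE32 (srcRec->valence);
				srcRec->folderID = SWAP_BE32 (srcRec->folderID);
				srcRec->createDate = SWAP_BE32 (srcRec->createDate);
				srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
				srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
				srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
				srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);

				srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
				srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);

				/* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
				/* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */

				srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
				srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);

				srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);

				/* Don't swap srcRec->userInfo */
				/* Don't swap srcRec->finderInfo */
				/* Don't swap srcRec->reserved */

			} else if (srcPtr[0] == kHFSPlusFileRecord) {
				HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr;
				if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
					printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
					return fsBTInvalidNodeErr;
				}

				srcRec->flags = SWAP_BE16 (srcRec->flags);

				srcRec->fileID = SWAP_BE32 (srcRec->fileID);

				srcRec->createDate = SWAP_BE32 (srcRec->createDate);
				srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
				srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
				srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
				srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);

				srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
				srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);

				/* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
				/* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */

				srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
				srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);

				srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);

				/* Don't swap srcRec->reserved1 */
				/* Don't swap srcRec->userInfo */
				/* Don't swap srcRec->finderInfo */
				/* Don't swap srcRec->reserved2 */

				/* Both forks lie inside *srcRec, which was bounded above. */
				hfs_swap_HFSPlusForkData (&srcRec->dataFork);
				hfs_swap_HFSPlusForkData (&srcRec->resourceFork);

			} else if ((srcPtr[0] == kHFSPlusFolderThreadRecord) ||
				   (srcPtr[0] == kHFSPlusFileThreadRecord)) {

				/*
				 * Make sure there is room for parentID and name length.
				 */
				HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr;
				if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) {
					printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
					return fsBTInvalidNodeErr;
				}

				/* Don't swap srcRec->reserved */

				srcRec->parentID = SWAP_BE32 (srcRec->parentID);

				if (direction == kSwapBTNodeBigToHost)
					srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);

				/*
				 * Make sure there is room for the name in the buffer.
				 * Then swap the characters of the name itself.
				 */
				if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) {
					printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
					return fsBTInvalidNodeErr;
				}
				for (j = 0; j < srcRec->nodeName.length; j++) {
					srcRec->nodeName.unicode[j] = SWAP_BE16 (srcRec->nodeName.unicode[j]);
				}

				if (direction == kSwapBTNodeHostToBig)
					srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);

			} else {
				printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
				return fsBTInvalidNodeErr;
			}

			/* We can swap the record type now that we're done using it. */
			if (direction == kSwapBTNodeHostToBig)
				srcPtr[0] = SWAP_BE16 (srcPtr[0]);
		}

	} else if (fileID == kHFSAttributesFileID) {
		HFSPlusAttrKey *srcKey;
		HFSPlusAttrRecord *srcRec;
		u_int16_t keyLength;
		u_int32_t attrSize = 0;

		for (i = 0; i < srcDesc->numRecords; i++) {
			/* Point to the start of the record we're currently checking. */
			srcKey = (HFSPlusAttrKey *)((char *)src->buffer + srcOffs[i]);

			/*
			 * Point to start of next (larger offset) record.  We'll use this
			 * to be sure the current record doesn't overflow into the next
			 * record.
			 */
			nextRecord = (char *)src->buffer + srcOffs[i-1];

			/* Make sure there is room in the buffer for a minimal key */
			if ((char *) &srcKey->attrName[1] > nextRecord) {
				printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				return fsBTInvalidNodeErr;
			}

			/* Swap the key length field */
			if (direction == kSwapBTNodeBigToHost)
				srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
			keyLength = srcKey->keyLength;	/* Keep a copy in native order */
			if (direction == kSwapBTNodeHostToBig)
				srcKey->keyLength = SWAP_BE16(srcKey->keyLength);

			/*
			 * Make sure that we can safely dereference the record's type field or
			 * an index node's child node number.
			 */
			srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
			if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) {
				printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
				return fsBTInvalidNodeErr;
			}

			srcKey->fileID = SWAP_BE32(srcKey->fileID);
			srcKey->startBlock = SWAP_BE32(srcKey->startBlock);

			/*
			 * Swap and check the attribute name
			 */
			if (direction == kSwapBTNodeBigToHost)
				srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
			/* Sanity check the attribute name length */
			if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) {
				printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
				return fsBTInvalidNodeErr;
			}
			for (j = 0; j < srcKey->attrNameLen; j++)
				srcKey->attrName[j] = SWAP_BE16(srcKey->attrName[j]);
			if (direction == kSwapBTNodeHostToBig)
				srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);

			/*
			 * For index nodes, the record data is just the child's node number.
			 * Skip over swapping the various types of attribute record.
			 */
			if (srcDesc->kind == kBTIndexNode) {
				*((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
				continue;
			}

			/* Swap the record data */
			if (direction == kSwapBTNodeBigToHost)
				srcRec->recordType = SWAP_BE32(srcRec->recordType);
			/*
			 * NOTE(review): there is no default case.  A record whose type is
			 * not one of the three below is accepted with only its recordType
			 * swapped, whereas the catalog branch rejects unknown types.
			 * Confirm whether that is intended.
			 */
			switch (srcRec->recordType) {
				case kHFSPlusAttrInlineData:
					/* Is there room for the inline data header? */
					if ((char *) &srcRec->attrData.attrData[0] > nextRecord) {
						printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
						return fsBTInvalidNodeErr;
					}

					/* We're not swapping the reserved fields */

					/* Swap the attribute size, keeping a host order copy in attrSize */
					if (direction == kSwapBTNodeHostToBig)
						attrSize = srcRec->attrData.attrSize;
					srcRec->attrData.attrSize = SWAP_BE32(srcRec->attrData.attrSize);
					if (direction == kSwapBTNodeBigToHost)
						attrSize = srcRec->attrData.attrSize;

					/*
					 * Is there room for the inline attribute data?
					 *
					 * attrSize is a 32-bit value taken from the record.  Compare it
					 * with the room left before nextRecord instead of forming
					 * &attrData[attrSize]: that address can wrap for a large
					 * attrSize, and the check would then pass.  The header check
					 * above guarantees the subtraction is not negative.
					 */
					if (attrSize > (size_t)(nextRecord - (char *) &srcRec->attrData.attrData[0]) /
					    sizeof(srcRec->attrData.attrData[0])) {
						printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
						return fsBTInvalidNodeErr;
					}

					/* Not swapping the attribute data itself */
					break;

				case kHFSPlusAttrForkData:
					/* Is there room for the fork data record? */
					if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) {
						printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
						return fsBTInvalidNodeErr;
					}

					/* We're not swapping the reserved field */

					hfs_swap_HFSPlusForkData(&srcRec->forkData.theFork);
					break;

				case kHFSPlusAttrExtents:
					/* Is there room for an extent record? */
					if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) {
						printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
						return fsBTInvalidNodeErr;
					}

					/* We're not swapping the reserved field */

					for (j = 0; j < kHFSPlusExtentDensity; j++) {
						srcRec->overflowExtents.extents[j].startBlock =
							SWAP_BE32(srcRec->overflowExtents.extents[j].startBlock);
						srcRec->overflowExtents.extents[j].blockCount =
							SWAP_BE32(srcRec->overflowExtents.extents[j].blockCount);
					}
					break;
			}
			if (direction == kSwapBTNodeHostToBig)
				srcRec->recordType = SWAP_BE32(srcRec->recordType);
		}
	} else if (fileID > kHFSFirstUserCatalogNodeID) {
		/* The only B-tree with a non-system CNID that we use is the hotfile B-tree */
		HotFileKey *srcKey;
		UInt32 *srcRec;

		for (i = 0; i < srcDesc->numRecords; i++) {
			/* Point to the start of the record we're currently checking. */
			srcKey = (HotFileKey *)((char *)src->buffer + srcOffs[i]);

			/*
			 * Point to start of next (larger offset) record.  We'll use this
			 * to be sure the current record doesn't overflow into the next
			 * record.
			 */
			nextRecord = (char *)src->buffer + srcOffs[i-1];

			/* Make sure there is room for the key (HotFileKey) and data (UInt32) */
			if ((char *)srcKey + sizeof(HotFileKey) + sizeof(UInt32) > nextRecord) {
				printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
				return fsBTInvalidNodeErr;
			}

			/* Swap and sanity check the key length field */
			if (direction == kSwapBTNodeBigToHost)
				srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
			if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
				printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
				return fsBTInvalidNodeErr;
			}
			srcRec = (u_int32_t *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
			if (direction == kSwapBTNodeHostToBig)
				srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);

			/* Don't swap srcKey->forkType */
			/* Don't swap srcKey->pad */

			srcKey->temperature = SWAP_BE32 (srcKey->temperature);
			srcKey->fileID = SWAP_BE32 (srcKey->fileID);

			*((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
		}
	} else {
		panic ("hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID);
	}


	return (0);
}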
791
792 static int
793 hfs_swap_HFSBTInternalNode (
794 BlockDescriptor *src,
795 HFSCatalogNodeID fileID,
796 enum HFSBTSwapDirection direction
797 )
798 {
799 BTNodeDescriptor *srcDesc = src->buffer;
800 UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16))));
801 char *nextRecord; /* Points to start of record following current one */
802
803 UInt32 i;
804 UInt32 j;
805
806 if (fileID == kHFSExtentsFileID) {
807 HFSExtentKey *srcKey;
808 HFSExtentDescriptor *srcRec;
809 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
810
811 if (srcDesc->kind == kBTIndexNode)
812 recordSize = sizeof(UInt32);
813 else
814 recordSize = sizeof(HFSExtentDescriptor);
815
816 for (i = 0; i < srcDesc->numRecords; i++) {
817 /* Point to the start of the record we're currently checking. */
818 srcKey = (HFSExtentKey *)((char *)src->buffer + srcOffs[i]);
819
820 /*
821 * Point to start of next (larger offset) record. We'll use this
822 * to be sure the current record doesn't overflow into the next
823 * record.
824 */
825 nextRecord = (char *)src->buffer + srcOffs[i-1];
826
827 /*
828 * Make sure the key and data are within the buffer. Since both key
829 * and data are fixed size, this is relatively easy. Note that this
830 * relies on the keyLength being a constant; we verify the keyLength
831 * below.
832 */
833 if ((char *)srcKey + sizeof(HFSExtentKey) + recordSize > nextRecord) {
834 printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
835 return fsBTInvalidNodeErr;
836 }
837
838 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
839 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
840 printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
841 return fsBTInvalidNodeErr;
842 }
843
844 /* Don't swap srcKey->forkType; it's only one byte */
845
846 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
847 srcKey->startBlock = SWAP_BE16 (srcKey->startBlock);
848
849 /* Point to record data (round up to even byte boundary) */
850 srcRec = (HFSExtentDescriptor *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
851
852 if (srcDesc->kind == kBTIndexNode) {
853 /* For index nodes, the record data is just a child node number. */
854 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
855 } else {
856 /* Swap the extent data */
857 for (j = 0; j < kHFSExtentDensity; j++) {
858 srcRec[j].startBlock = SWAP_BE16 (srcRec[j].startBlock);
859 srcRec[j].blockCount = SWAP_BE16 (srcRec[j].blockCount);
860 }
861 }
862 }
863
864 } else if (fileID == kHFSCatalogFileID) {
865 HFSCatalogKey *srcKey;
866 SInt16 *srcPtr;
867 unsigned expectedKeyLength;
868
869 for (i = 0; i < srcDesc->numRecords; i++) {
870 /* Point to the start of the record we're currently checking. */
871 srcKey = (HFSCatalogKey *)((char *)src->buffer + srcOffs[i]);
872
873 /*
874 * Point to start of next (larger offset) record. We'll use this
875 * to be sure the current record doesn't overflow into the next
876 * record.
877 */
878 nextRecord = (char *)src->buffer + srcOffs[i-1];
879
880 /*
881 * Make sure we can safely dereference the keyLength and parentID fields.
882 * The value 8 below is 1 byte for keyLength + 1 byte reserved + 4 bytes
883 * for parentID + 1 byte for nodeName's length + 1 byte to round up the
884 * record start to an even offset, which forms a minimal key.
885 */
886 if ((char *)srcKey + 8 > nextRecord) {
887 printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
888 return fsBTInvalidNodeErr;
889 }
890
891 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
892 if (srcKey->keyLength < kHFSCatalogKeyMinimumLength || srcKey->keyLength > kHFSCatalogKeyMaximumLength) {
893 printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
894 return fsBTInvalidNodeErr;
895 }
896
897 /* Don't swap srcKey->reserved */
898
899 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
900
901 /* Don't swap srcKey->nodeName */
902
903 /* Make sure the keyLength is big enough for the key's content */
904 if (srcDesc->kind == kBTIndexNode)
905 expectedKeyLength = sizeof(*srcKey) - sizeof(srcKey->keyLength);
906 else
907 expectedKeyLength = srcKey->nodeName[0] + kHFSCatalogKeyMinimumLength;
908 if (srcKey->keyLength < expectedKeyLength) {
909 printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
910 srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength);
911 return fsBTInvalidNodeErr;
912 }
913
914 /* Point to record data (round up to even byte boundary) */
915 srcPtr = (SInt16 *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
916
917 /*
918 * Make sure that we can safely dereference the record's type field or
919 * an index node's child node number.
920 */
921 if ((char *)srcPtr + sizeof(UInt32) > nextRecord) {
922 printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
923 return fsBTInvalidNodeErr;
924 }
925
926 /*
927 * For index nodes, the record data is just the child's node number.
928 * Skip over swapping the various types of catalog record.
929 */
930 if (srcDesc->kind == kBTIndexNode) {
931 *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr));
932 continue;
933 }
934
935 /* Make sure the recordType is in native order before using it. */
936 if (direction == kSwapBTNodeBigToHost)
937 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
938
939 if (srcPtr[0] == kHFSFolderRecord) {
940 HFSCatalogFolder *srcRec = (HFSCatalogFolder *)srcPtr;
941 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
942 printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
943 return fsBTInvalidNodeErr;
944 }
945
946 srcRec->flags = SWAP_BE16 (srcRec->flags);
947 srcRec->valence = SWAP_BE16 (srcRec->valence);
948
949 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
950 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
951 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
952 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
953
954 /* Don't swap srcRec->userInfo */
955 /* Don't swap srcRec->finderInfo */
956 /* Don't swap reserved array */
957
958 } else if (srcPtr[0] == kHFSFileRecord) {
959 HFSCatalogFile *srcRec = (HFSCatalogFile *)srcPtr;
960 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
961 printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
962 return fsBTInvalidNodeErr;
963 }
964
965 srcRec->flags = srcRec->flags;
966 srcRec->fileType = srcRec->fileType;
967
968 /* Don't swap srcRec->userInfo */
969
970 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
971
972 srcRec->dataStartBlock = SWAP_BE16 (srcRec->dataStartBlock);
973 srcRec->dataLogicalSize = SWAP_BE32 (srcRec->dataLogicalSize);
974 srcRec->dataPhysicalSize = SWAP_BE32 (srcRec->dataPhysicalSize);
975
976 srcRec->rsrcStartBlock = SWAP_BE16 (srcRec->rsrcStartBlock);
977 srcRec->rsrcLogicalSize = SWAP_BE32 (srcRec->rsrcLogicalSize);
978 srcRec->rsrcPhysicalSize = SWAP_BE32 (srcRec->rsrcPhysicalSize);
979
980 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
981 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
982 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
983
984 /* Don't swap srcRec->finderInfo */
985
986 srcRec->clumpSize = SWAP_BE16 (srcRec->clumpSize);
987
988 /* Swap the two sets of extents as an array of six (three each) UInt16 */
989 for (j = 0; j < kHFSExtentDensity * 2; j++) {
990 srcRec->dataExtents[j].startBlock = SWAP_BE16 (srcRec->dataExtents[j].startBlock);
991 srcRec->dataExtents[j].blockCount = SWAP_BE16 (srcRec->dataExtents[j].blockCount);
992 }
993
994 /* Don't swap srcRec->reserved */
995
996 } else if ((srcPtr[0] == kHFSFolderThreadRecord) ||
997 (srcPtr[0] == kHFSFileThreadRecord)) {
998 HFSCatalogThread *srcRec = (HFSCatalogThread *)srcPtr;
999
1000 /* Make sure there is room for parentID and name length */
1001 if ((char *) &srcRec->nodeName[1] > nextRecord) {
1002 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
1003 return fsBTInvalidNodeErr;
1004 }
1005
1006 /* Don't swap srcRec->reserved array */
1007
1008 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
1009
1010 /* Don't swap srcRec->nodeName */
1011
1012 /* Make sure there is room for the name in the buffer */
1013 if ((char *) &srcRec->nodeName[srcRec->nodeName[0]] > nextRecord) {
1014 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
1015 return fsBTInvalidNodeErr;
1016 }
1017 } else {
1018 printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
1019 return fsBTInvalidNodeErr;
1020 }
1021
1022 /* We can swap the record type now that we're done using it */
1023 if (direction == kSwapBTNodeHostToBig)
1024 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1025 }
1026
1027 } else {
1028 panic ("hfs_swap_HFSBTInternalNode: fileID %u is not a system B-tree\n", fileID);
1029 }
1030
1031 return (0);
1032 }