]> git.saurik.com Git - apple/xnu.git/blob - bsd/hfs/hfs_endian.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-792.10.96.tar.gz
[apple/xnu.git] / bsd / hfs / hfs_endian.c
1 /*
2 * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22
23 /*
24 * hfs_endian.c
25 *
26 * This file implements endian swapping routines for the HFS/HFS Plus
27 * volume format.
28 */
29
30 #include "hfs_endian.h"
31 #include "hfs_dbg.h"
32 #include "hfscommon/headers/BTreesPrivate.h"
33
34 #undef ENDIAN_DEBUG
35
36 /*
37 * Internal swapping routines
38 *
39 * These routines handle swapping the records of leaf and index nodes. The
40 * layout of the keys and records varies depending on the kind of B-tree
41 * (determined by fileID).
42 *
43 * The direction parameter must be kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
44 * The kSwapBTNodeHeaderRecordOnly "direction" is not valid for these routines.
45 */
46 static int hfs_swap_HFSPlusBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
47 static int hfs_swap_HFSBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
48
49 /*
50 * hfs_swap_HFSPlusForkData
51 */
52 static void
53 hfs_swap_HFSPlusForkData (
54 HFSPlusForkData *src
55 )
56 {
57 int i;
58
59 src->logicalSize = SWAP_BE64 (src->logicalSize);
60
61 src->clumpSize = SWAP_BE32 (src->clumpSize);
62 src->totalBlocks = SWAP_BE32 (src->totalBlocks);
63
64 for (i = 0; i < kHFSPlusExtentDensity; i++) {
65 src->extents[i].startBlock = SWAP_BE32 (src->extents[i].startBlock);
66 src->extents[i].blockCount = SWAP_BE32 (src->extents[i].blockCount);
67 }
68 }
69
70 /*
71 * hfs_swap_BTNode
72 *
73 * NOTE: This operation is not naturally symmetric.
74 * We have to determine which way we're swapping things.
75 */
76 int
77 hfs_swap_BTNode (
78 BlockDescriptor *src,
79 vnode_t vp,
80 enum HFSBTSwapDirection direction
81 )
82 {
83 BTNodeDescriptor *srcDesc = src->buffer;
84 UInt16 *srcOffs = NULL;
85 BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr;
86 UInt32 i;
87 int error = 0;
88
89 #ifdef ENDIAN_DEBUG
90 if (direction == kSwapBTNodeBigToHost) {
91 printf ("BE -> Native Swap\n");
92 } else if (direction == kSwapBTNodeHostToBig) {
93 printf ("Native -> BE Swap\n");
94 } else if (direction == kSwapBTNodeHeaderRecordOnly) {
95 printf ("Not swapping descriptors\n");
96 } else {
97 panic ("hfs_swap_BTNode: This is impossible");
98 }
99 #endif
100
101 /*
102 * If we are doing a swap from on-disk to in-memory, then swap the node
103 * descriptor and record offsets before we need to use them.
104 */
105 if (direction == kSwapBTNodeBigToHost) {
106 srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
107 srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);
108
109 /*
110 * When first opening a BTree, we have to read the header node before the
111 * control block is initialized. In this case, totalNodes will be zero,
112 * so skip the bounds checking.
113 */
114 if (btcb->totalNodes != 0) {
115 if (srcDesc->fLink >= btcb->totalNodes) {
116 printf("hfs_swap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
117 error = fsBTInvalidHeaderErr;
118 goto fail;
119 }
120 if (srcDesc->bLink >= btcb->totalNodes) {
121 printf("hfs_swap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
122 error = fsBTInvalidHeaderErr;
123 goto fail;
124 }
125 }
126
127 /*
128 * Check srcDesc->kind. Don't swap it because it's only one byte.
129 */
130 if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
131 printf("hfs_swap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
132 error = fsBTInvalidHeaderErr;
133 goto fail;
134 }
135
136 /*
137 * Check srcDesc->height. Don't swap it because it's only one byte.
138 */
139 if (srcDesc->height > btcb->treeDepth) {
140 printf("hfs_swap_BTNode: invalid node height (%d)\n", srcDesc->height);
141 error = fsBTInvalidHeaderErr;
142 goto fail;
143 }
144
145 /* Don't swap srcDesc->reserved */
146
147 srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
148
149 /*
150 * Swap the node offsets (including the free space one!).
151 */
152 srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (UInt16))));
153
154 /*
155 * Sanity check that the record offsets are within the node itself.
156 */
157 if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
158 (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
159 printf("hfs_swap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
160 error = fsBTInvalidHeaderErr;
161 goto fail;
162 }
163
164 /*
165 * Swap and sanity check each of the record offsets.
166 */
167 for (i = 0; i <= srcDesc->numRecords; i++) {
168 srcOffs[i] = SWAP_BE16 (srcOffs[i]);
169
170 /*
171 * Sanity check: must be even, and within the node itself.
172 *
173 * We may be called to swap an unused node, which contains all zeroes.
174 * This is why we allow the record offset to be zero.
175 */
176 if ((srcOffs[i] & 1) || (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || (srcOffs[i] >= src->blockSize)) {
177 printf("hfs_swap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
178 error = fsBTInvalidHeaderErr;
179 goto fail;
180 }
181
182 /*
183 * Make sure the offsets are strictly increasing. Note that we're looping over
184 * them backwards, hence the order in the comparison.
185 */
186 if ((i != 0) && (srcOffs[i] >= srcOffs[i-1])) {
187 printf("hfs_swap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
188 srcDesc->numRecords-i-1, srcDesc->numRecords-i, srcOffs[i], srcOffs[i-1]);
189 error = fsBTInvalidHeaderErr;
190 goto fail;
191 }
192 }
193 }
194
195 /*
196 * Swap the records (ordered by frequency of access)
197 */
198 if ((srcDesc->kind == kBTIndexNode) ||
199 (srcDesc-> kind == kBTLeafNode)) {
200
201 if (VTOVCB(vp)->vcbSigWord == kHFSPlusSigWord) {
202 error = hfs_swap_HFSPlusBTInternalNode (src, VTOC(vp)->c_fileid, direction);
203 } else {
204 error = hfs_swap_HFSBTInternalNode (src, VTOC(vp)->c_fileid, direction);
205 }
206
207 if (error) goto fail;
208
209 } else if (srcDesc-> kind == kBTMapNode) {
210 /* Don't swap the bitmaps, they'll be done in the bitmap routines */
211
212 } else if (srcDesc-> kind == kBTHeaderNode) {
213 /* The header's offset is hard-wired because we cannot trust the offset pointers. */
214 BTHeaderRec *srcHead = (BTHeaderRec *)((char *)src->buffer + sizeof(BTNodeDescriptor));
215
216 srcHead->treeDepth = SWAP_BE16 (srcHead->treeDepth);
217
218 srcHead->rootNode = SWAP_BE32 (srcHead->rootNode);
219 srcHead->leafRecords = SWAP_BE32 (srcHead->leafRecords);
220 srcHead->firstLeafNode = SWAP_BE32 (srcHead->firstLeafNode);
221 srcHead->lastLeafNode = SWAP_BE32 (srcHead->lastLeafNode);
222
223 srcHead->nodeSize = SWAP_BE16 (srcHead->nodeSize);
224 srcHead->maxKeyLength = SWAP_BE16 (srcHead->maxKeyLength);
225
226 srcHead->totalNodes = SWAP_BE32 (srcHead->totalNodes);
227 srcHead->freeNodes = SWAP_BE32 (srcHead->freeNodes);
228
229 srcHead->clumpSize = SWAP_BE32 (srcHead->clumpSize);
230 srcHead->attributes = SWAP_BE32 (srcHead->attributes);
231
232 /* Don't swap srcHead->reserved1 */
233 /* Don't swap srcHead->btreeType; it's only one byte */
234 /* Don't swap srcHead->reserved2 */
235 /* Don't swap srcHead->reserved3 */
236 /* Don't swap bitmap */
237 }
238
239 /*
240 * If we are doing a swap from in-memory to on-disk, then swap the node
241 * descriptor and record offsets after we're done using them.
242 */
243 if (direction == kSwapBTNodeHostToBig) {
244 /*
245 * Sanity check and swap the forkward and backward links.
246 */
247 if (srcDesc->fLink >= btcb->totalNodes) {
248 printf("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
249 error = fsBTInvalidHeaderErr;
250 goto fail;
251 }
252 if (srcDesc->bLink >= btcb->totalNodes) {
253 printf("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
254 error = fsBTInvalidHeaderErr;
255 goto fail;
256 }
257 srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
258 srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);
259
260 /*
261 * Check srcDesc->kind. Don't swap it because it's only one byte.
262 */
263 if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
264 printf("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
265 error = fsBTInvalidHeaderErr;
266 goto fail;
267 }
268
269 /*
270 * Check srcDesc->height. Don't swap it because it's only one byte.
271 */
272 if (srcDesc->height > btcb->treeDepth) {
273 printf("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height);
274 error = fsBTInvalidHeaderErr;
275 goto fail;
276 }
277
278 /* Don't swap srcDesc->reserved */
279
280 /*
281 * Swap the node offsets (including the free space one!).
282 */
283 srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (UInt16))));
284
285 /*
286 * Sanity check that the record offsets are within the node itself.
287 */
288 if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
289 (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
290 printf("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
291 error = fsBTInvalidHeaderErr;
292 goto fail;
293 }
294
295 /*
296 * Swap and sanity check each of the record offsets.
297 */
298 for (i = 0; i <= srcDesc->numRecords; i++) {
299 /*
300 * Sanity check: must be even, and within the node itself.
301 *
302 * We may be called to swap an unused node, which contains all zeroes.
303 * This is why we allow the record offset to be zero.
304 */
305 if ((srcOffs[i] & 1) || (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || (srcOffs[i] >= src->blockSize)) {
306 printf("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
307 error = fsBTInvalidHeaderErr;
308 goto fail;
309 }
310
311 /*
312 * Make sure the offsets are strictly increasing. Note that we're looping over
313 * them backwards, hence the order in the comparison.
314 */
315 if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) {
316 printf("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
317 srcDesc->numRecords-i-2, srcDesc->numRecords-i-1, srcOffs[i+1], srcOffs[i]);
318 error = fsBTInvalidHeaderErr;
319 goto fail;
320 }
321
322 srcOffs[i] = SWAP_BE16 (srcOffs[i]);
323 }
324
325 srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
326 }
327
328 fail:
329 if (error) {
330 /*
331 * Log some useful information about where the corrupt node is.
332 */
333 printf("node=%lld fileID=%u volume=%s device=%s\n", src->blockNum, VTOC(vp)->c_fileid,
334 VTOVCB(vp)->vcbVN, vfs_statfs(vnode_mount(vp))->f_mntfromname);
335 VTOVCB(vp)->vcbFlags |= kHFS_DamagedVolume;
336 }
337
338 return (error);
339 }
340
341 static int
342 hfs_swap_HFSPlusBTInternalNode (
343 BlockDescriptor *src,
344 HFSCatalogNodeID fileID,
345 enum HFSBTSwapDirection direction
346 )
347 {
348 BTNodeDescriptor *srcDesc = src->buffer;
349 UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16))));
350 char *nextRecord; /* Points to start of record following current one */
351 UInt32 i;
352 UInt32 j;
353
354 if (fileID == kHFSExtentsFileID) {
355 HFSPlusExtentKey *srcKey;
356 HFSPlusExtentDescriptor *srcRec;
357 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
358
359 if (srcDesc->kind == kBTIndexNode)
360 recordSize = sizeof(UInt32);
361 else
362 recordSize = sizeof(HFSPlusExtentDescriptor);
363
364 for (i = 0; i < srcDesc->numRecords; i++) {
365 /* Point to the start of the record we're currently checking. */
366 srcKey = (HFSPlusExtentKey *)((char *)src->buffer + srcOffs[i]);
367
368 /*
369 * Point to start of next (larger offset) record. We'll use this
370 * to be sure the current record doesn't overflow into the next
371 * record.
372 */
373 nextRecord = (char *)src->buffer + srcOffs[i-1];
374
375 /*
376 * Make sure the key and data are within the buffer. Since both key
377 * and data are fixed size, this is relatively easy. Note that this
378 * relies on the keyLength being a constant; we verify the keyLength
379 * below.
380 */
381 if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {
382 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
383 return fsBTInvalidNodeErr;
384 }
385
386 if (direction == kSwapBTNodeBigToHost)
387 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
388 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
389 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
390 return fsBTInvalidNodeErr;
391 }
392 srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
393 if (direction == kSwapBTNodeHostToBig)
394 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
395
396 /* Don't swap srcKey->forkType; it's only one byte */
397 /* Don't swap srcKey->pad */
398
399 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
400 srcKey->startBlock = SWAP_BE32 (srcKey->startBlock);
401
402 if (srcDesc->kind == kBTIndexNode) {
403 /* For index nodes, the record data is just a child node number. */
404 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
405 } else {
406 /* Swap the extent data */
407 for (j = 0; j < kHFSPlusExtentDensity; j++) {
408 srcRec[j].startBlock = SWAP_BE32 (srcRec[j].startBlock);
409 srcRec[j].blockCount = SWAP_BE32 (srcRec[j].blockCount);
410 }
411 }
412 }
413
414 } else if (fileID == kHFSCatalogFileID) {
415 HFSPlusCatalogKey *srcKey;
416 SInt16 *srcPtr;
417 u_int16_t keyLength;
418
419 for (i = 0; i < srcDesc->numRecords; i++) {
420 /* Point to the start of the record we're currently checking. */
421 srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);
422
423 /*
424 * Point to start of next (larger offset) record. We'll use this
425 * to be sure the current record doesn't overflow into the next
426 * record.
427 */
428 nextRecord = (char *)src->buffer + srcOffs[i-1];
429
430 /*
431 * Make sure we can safely dereference the keyLength and parentID fields. */
432 if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) {
433 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
434 return fsBTInvalidNodeErr;
435 }
436
437 /*
438 * Swap and sanity check the key length
439 */
440 if (direction == kSwapBTNodeBigToHost)
441 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
442 keyLength = srcKey->keyLength; /* Put it in a local (native order) because we use it several times */
443 if (direction == kSwapBTNodeHostToBig)
444 srcKey->keyLength = SWAP_BE16 (keyLength);
445
446 /* Sanity check the key length */
447 if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) {
448 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
449 return fsBTInvalidNodeErr;
450 }
451
452 /*
453 * Make sure that we can safely dereference the record's type field or
454 * an index node's child node number.
455 */
456 srcPtr = (SInt16 *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
457 if ((char *)srcPtr + sizeof(UInt32) > nextRecord) {
458 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
459 return fsBTInvalidNodeErr;
460 }
461
462 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
463
464 /*
465 * Swap and sanity check the key's node name
466 */
467 if (direction == kSwapBTNodeBigToHost)
468 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
469 /* Make sure name length is consistent with key length */
470 if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
471 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) {
472 printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%d\n",
473 srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
474 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
475 return fsBTInvalidNodeErr;
476 }
477 for (j = 0; j < srcKey->nodeName.length; j++) {
478 srcKey->nodeName.unicode[j] = SWAP_BE16 (srcKey->nodeName.unicode[j]);
479 }
480 if (direction == kSwapBTNodeHostToBig)
481 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
482
483 /*
484 * For index nodes, the record data is just the child's node number.
485 * Skip over swapping the various types of catalog record.
486 */
487 if (srcDesc->kind == kBTIndexNode) {
488 *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr));
489 continue;
490 }
491
492 /* Make sure the recordType is in native order before using it. */
493 if (direction == kSwapBTNodeBigToHost)
494 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
495
496 if (srcPtr[0] == kHFSPlusFolderRecord) {
497 HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr;
498 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
499 printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
500 return fsBTInvalidNodeErr;
501 }
502
503 srcRec->flags = SWAP_BE16 (srcRec->flags);
504 srcRec->valence = SWAP_BE32 (srcRec->valence);
505 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
506 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
507 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
508 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
509 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
510 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
511
512 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
513 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
514
515 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
516 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
517
518 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
519 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
520
521 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
522
523 /* Don't swap srcRec->userInfo */
524 /* Don't swap srcRec->finderInfo */
525 /* Don't swap srcRec->reserved */
526
527 } else if (srcPtr[0] == kHFSPlusFileRecord) {
528 HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr;
529 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
530 printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
531 return fsBTInvalidNodeErr;
532 }
533
534 srcRec->flags = SWAP_BE16 (srcRec->flags);
535
536 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
537
538 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
539 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
540 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
541 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
542 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
543
544 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
545 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
546
547 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
548 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
549
550 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
551 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
552
553 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
554
555 /* Don't swap srcRec->reserved1 */
556 /* Don't swap srcRec->userInfo */
557 /* Don't swap srcRec->finderInfo */
558 /* Don't swap srcRec->reserved2 */
559
560 hfs_swap_HFSPlusForkData (&srcRec->dataFork);
561 hfs_swap_HFSPlusForkData (&srcRec->resourceFork);
562
563 } else if ((srcPtr[0] == kHFSPlusFolderThreadRecord) ||
564 (srcPtr[0] == kHFSPlusFileThreadRecord)) {
565
566 /*
567 * Make sure there is room for parentID and name length.
568 */
569 HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr;
570 if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) {
571 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
572 return fsBTInvalidNodeErr;
573 }
574
575 /* Don't swap srcRec->reserved */
576
577 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
578
579 if (direction == kSwapBTNodeBigToHost)
580 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
581
582 /*
583 * Make sure there is room for the name in the buffer.
584 * Then swap the characters of the name itself.
585 */
586 if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) {
587 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
588 return fsBTInvalidNodeErr;
589 }
590 for (j = 0; j < srcRec->nodeName.length; j++) {
591 srcRec->nodeName.unicode[j] = SWAP_BE16 (srcRec->nodeName.unicode[j]);
592 }
593
594 if (direction == kSwapBTNodeHostToBig)
595 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
596
597 } else {
598 printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
599 return fsBTInvalidNodeErr;
600 }
601
602 /* We can swap the record type now that we're done using it. */
603 if (direction == kSwapBTNodeHostToBig)
604 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
605 }
606
607 } else if (fileID == kHFSAttributesFileID) {
608 HFSPlusAttrKey *srcKey;
609 HFSPlusAttrRecord *srcRec;
610 u_int16_t keyLength;
611 u_int32_t attrSize = 0;
612
613 for (i = 0; i < srcDesc->numRecords; i++) {
614 /* Point to the start of the record we're currently checking. */
615 srcKey = (HFSPlusAttrKey *)((char *)src->buffer + srcOffs[i]);
616
617 /*
618 * Point to start of next (larger offset) record. We'll use this
619 * to be sure the current record doesn't overflow into the next
620 * record.
621 */
622 nextRecord = (char *)src->buffer + srcOffs[i-1];
623
624 /* Make sure there is room in the buffer for a minimal key */
625 if ((char *) &srcKey->attrName[1] > nextRecord) {
626 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
627 return fsBTInvalidNodeErr;
628 }
629
630 /* Swap the key length field */
631 if (direction == kSwapBTNodeBigToHost)
632 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
633 keyLength = srcKey->keyLength; /* Keep a copy in native order */
634 if (direction == kSwapBTNodeHostToBig)
635 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
636
637 /*
638 * Make sure that we can safely dereference the record's type field or
639 * an index node's child node number.
640 */
641 srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
642 if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) {
643 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
644 return fsBTInvalidNodeErr;
645 }
646
647 srcKey->fileID = SWAP_BE32(srcKey->fileID);
648 srcKey->startBlock = SWAP_BE32(srcKey->startBlock);
649
650 /*
651 * Swap and check the attribute name
652 */
653 if (direction == kSwapBTNodeBigToHost)
654 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
655 /* Sanity check the attribute name length */
656 if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) {
657 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
658 return fsBTInvalidNodeErr;
659 }
660 for (j = 0; j < srcKey->attrNameLen; j++)
661 srcKey->attrName[j] = SWAP_BE16(srcKey->attrName[j]);
662 if (direction == kSwapBTNodeHostToBig)
663 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
664
665 /*
666 * For index nodes, the record data is just the child's node number.
667 * Skip over swapping the various types of attribute record.
668 */
669 if (srcDesc->kind == kBTIndexNode) {
670 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
671 continue;
672 }
673
674 /* Swap the record data */
675 if (direction == kSwapBTNodeBigToHost)
676 srcRec->recordType = SWAP_BE32(srcRec->recordType);
677 switch (srcRec->recordType) {
678 case kHFSPlusAttrInlineData:
679 /* Is there room for the inline data header? */
680 if ((char *) &srcRec->attrData.attrData[0] > nextRecord) {
681 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
682 return fsBTInvalidNodeErr;
683 }
684
685 /* We're not swapping the reserved fields */
686
687 /* Swap the attribute size */
688 if (direction == kSwapBTNodeHostToBig)
689 attrSize = srcRec->attrData.attrSize;
690 srcRec->attrData.attrSize = SWAP_BE32(srcRec->attrData.attrSize);
691 if (direction == kSwapBTNodeBigToHost)
692 attrSize = srcRec->attrData.attrSize;
693
694 /* Is there room for the inline attribute data? */
695 if ((char *) &srcRec->attrData.attrData[attrSize] > nextRecord) {
696 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
697 return fsBTInvalidNodeErr;
698 }
699
700 /* Not swapping the attribute data itself */
701 break;
702
703 case kHFSPlusAttrForkData:
704 /* Is there room for the fork data record? */
705 if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) {
706 printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
707 return fsBTInvalidNodeErr;
708 }
709
710 /* We're not swapping the reserved field */
711
712 hfs_swap_HFSPlusForkData(&srcRec->forkData.theFork);
713 break;
714
715 case kHFSPlusAttrExtents:
716 /* Is there room for an extent record? */
717 if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) {
718 printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
719 return fsBTInvalidNodeErr;
720 }
721
722 /* We're not swapping the reserved field */
723
724 for (j = 0; j < kHFSPlusExtentDensity; j++) {
725 srcRec->overflowExtents.extents[j].startBlock =
726 SWAP_BE32(srcRec->overflowExtents.extents[j].startBlock);
727 srcRec->overflowExtents.extents[j].blockCount =
728 SWAP_BE32(srcRec->overflowExtents.extents[j].blockCount);
729 }
730 break;
731 }
732 if (direction == kSwapBTNodeHostToBig)
733 srcRec->recordType = SWAP_BE32(srcRec->recordType);
734 }
735 } else if (fileID > kHFSFirstUserCatalogNodeID) {
736 /* The only B-tree with a non-system CNID that we use is the hotfile B-tree */
737 HotFileKey *srcKey;
738 UInt32 *srcRec;
739
740 for (i = 0; i < srcDesc->numRecords; i++) {
741 /* Point to the start of the record we're currently checking. */
742 srcKey = (HotFileKey *)((char *)src->buffer + srcOffs[i]);
743
744 /*
745 * Point to start of next (larger offset) record. We'll use this
746 * to be sure the current record doesn't overflow into the next
747 * record.
748 */
749 nextRecord = (char *)src->buffer + srcOffs[i-1];
750
751 /* Make sure there is room for the key (HotFileKey) and data (UInt32) */
752 if ((char *)srcKey + sizeof(HotFileKey) + sizeof(UInt32) > nextRecord) {
753 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
754 return fsBTInvalidNodeErr;
755 }
756
757 /* Swap and sanity check the key length field */
758 if (direction == kSwapBTNodeBigToHost)
759 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
760 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
761 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
762 return fsBTInvalidNodeErr;
763 }
764 srcRec = (u_int32_t *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
765 if (direction == kSwapBTNodeHostToBig)
766 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
767
768 /* Don't swap srcKey->forkType */
769 /* Don't swap srcKey->pad */
770
771 srcKey->temperature = SWAP_BE32 (srcKey->temperature);
772 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
773
774 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
775 }
776 } else {
777 panic ("hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID);
778 }
779
780
781 return (0);
782 }
783
784 static int
785 hfs_swap_HFSBTInternalNode (
786 BlockDescriptor *src,
787 HFSCatalogNodeID fileID,
788 enum HFSBTSwapDirection direction
789 )
790 {
791 BTNodeDescriptor *srcDesc = src->buffer;
792 UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16))));
793 char *nextRecord; /* Points to start of record following current one */
794
795 UInt32 i;
796 UInt32 j;
797
798 if (fileID == kHFSExtentsFileID) {
799 HFSExtentKey *srcKey;
800 HFSExtentDescriptor *srcRec;
801 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
802
803 if (srcDesc->kind == kBTIndexNode)
804 recordSize = sizeof(UInt32);
805 else
806 recordSize = sizeof(HFSExtentDescriptor);
807
808 for (i = 0; i < srcDesc->numRecords; i++) {
809 /* Point to the start of the record we're currently checking. */
810 srcKey = (HFSExtentKey *)((char *)src->buffer + srcOffs[i]);
811
812 /*
813 * Point to start of next (larger offset) record. We'll use this
814 * to be sure the current record doesn't overflow into the next
815 * record.
816 */
817 nextRecord = (char *)src->buffer + srcOffs[i-1];
818
819 /*
820 * Make sure the key and data are within the buffer. Since both key
821 * and data are fixed size, this is relatively easy. Note that this
822 * relies on the keyLength being a constant; we verify the keyLength
823 * below.
824 */
825 if ((char *)srcKey + sizeof(HFSExtentKey) + recordSize > nextRecord) {
826 printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
827 return fsBTInvalidNodeErr;
828 }
829
830 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
831 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
832 printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
833 return fsBTInvalidNodeErr;
834 }
835
836 /* Don't swap srcKey->forkType; it's only one byte */
837
838 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
839 srcKey->startBlock = SWAP_BE16 (srcKey->startBlock);
840
841 /* Point to record data (round up to even byte boundary) */
842 srcRec = (HFSExtentDescriptor *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
843
844 if (srcDesc->kind == kBTIndexNode) {
845 /* For index nodes, the record data is just a child node number. */
846 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
847 } else {
848 /* Swap the extent data */
849 for (j = 0; j < kHFSExtentDensity; j++) {
850 srcRec[j].startBlock = SWAP_BE16 (srcRec[j].startBlock);
851 srcRec[j].blockCount = SWAP_BE16 (srcRec[j].blockCount);
852 }
853 }
854 }
855
856 } else if (fileID == kHFSCatalogFileID) {
857 HFSCatalogKey *srcKey;
858 SInt16 *srcPtr;
859 unsigned expectedKeyLength;
860
861 for (i = 0; i < srcDesc->numRecords; i++) {
862 /* Point to the start of the record we're currently checking. */
863 srcKey = (HFSCatalogKey *)((char *)src->buffer + srcOffs[i]);
864
865 /*
866 * Point to start of next (larger offset) record. We'll use this
867 * to be sure the current record doesn't overflow into the next
868 * record.
869 */
870 nextRecord = (char *)src->buffer + srcOffs[i-1];
871
872 /*
873 * Make sure we can safely dereference the keyLength and parentID fields.
874 * The value 8 below is 1 bytes for keyLength + 1 byte reserved + 4 bytes
875 * for parentID + 1 byte for nodeName's length + 1 byte to round up the
876 * record start to an even offset, which forms a minimal key.
877 */
878 if ((char *)srcKey + 8 > nextRecord) {
879 printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
880 return fsBTInvalidNodeErr;
881 }
882
883 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
884 if (srcKey->keyLength < kHFSCatalogKeyMinimumLength || srcKey->keyLength > kHFSCatalogKeyMaximumLength) {
885 printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
886 return fsBTInvalidNodeErr;
887 }
888
889 /* Don't swap srcKey->reserved */
890
891 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
892
893 /* Don't swap srcKey->nodeName */
894
895 /* Make sure the keyLength is big enough for the key's content */
896 if (srcDesc->kind == kBTIndexNode)
897 expectedKeyLength = sizeof(*srcKey) - sizeof(srcKey->keyLength);
898 else
899 expectedKeyLength = srcKey->nodeName[0] + kHFSCatalogKeyMinimumLength;
900 if (srcKey->keyLength < expectedKeyLength) {
901 printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
902 srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength);
903 return fsBTInvalidNodeErr;
904 }
905
906 /* Point to record data (round up to even byte boundary) */
907 srcPtr = (SInt16 *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
908
909 /*
910 * Make sure that we can safely dereference the record's type field or
911 * and index node's child node number.
912 */
913 if ((char *)srcPtr + sizeof(UInt32) > nextRecord) {
914 printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
915 return fsBTInvalidNodeErr;
916 }
917
918 /*
919 * For index nodes, the record data is just the child's node number.
920 * Skip over swapping the various types of catalog record.
921 */
922 if (srcDesc->kind == kBTIndexNode) {
923 *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr));
924 continue;
925 }
926
927 /* Make sure the recordType is in native order before using it. */
928 if (direction == kSwapBTNodeBigToHost)
929 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
930
931 if (srcPtr[0] == kHFSFolderRecord) {
932 HFSCatalogFolder *srcRec = (HFSCatalogFolder *)srcPtr;
933 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
934 printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
935 return fsBTInvalidNodeErr;
936 }
937
938 srcRec->flags = SWAP_BE16 (srcRec->flags);
939 srcRec->valence = SWAP_BE16 (srcRec->valence);
940
941 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
942 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
943 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
944 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
945
946 /* Don't swap srcRec->userInfo */
947 /* Don't swap srcRec->finderInfo */
948 /* Don't swap resserved array */
949
950 } else if (srcPtr[0] == kHFSFileRecord) {
951 HFSCatalogFile *srcRec = (HFSCatalogFile *)srcPtr;
952 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
953 printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
954 return fsBTInvalidNodeErr;
955 }
956
957 srcRec->flags = srcRec->flags;
958 srcRec->fileType = srcRec->fileType;
959
960 /* Don't swap srcRec->userInfo */
961
962 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
963
964 srcRec->dataStartBlock = SWAP_BE16 (srcRec->dataStartBlock);
965 srcRec->dataLogicalSize = SWAP_BE32 (srcRec->dataLogicalSize);
966 srcRec->dataPhysicalSize = SWAP_BE32 (srcRec->dataPhysicalSize);
967
968 srcRec->rsrcStartBlock = SWAP_BE16 (srcRec->rsrcStartBlock);
969 srcRec->rsrcLogicalSize = SWAP_BE32 (srcRec->rsrcLogicalSize);
970 srcRec->rsrcPhysicalSize = SWAP_BE32 (srcRec->rsrcPhysicalSize);
971
972 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
973 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
974 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
975
976 /* Don't swap srcRec->finderInfo */
977
978 srcRec->clumpSize = SWAP_BE16 (srcRec->clumpSize);
979
980 /* Swap the two sets of extents as an array of six (three each) UInt16 */
981 for (j = 0; j < kHFSExtentDensity * 2; j++) {
982 srcRec->dataExtents[j].startBlock = SWAP_BE16 (srcRec->dataExtents[j].startBlock);
983 srcRec->dataExtents[j].blockCount = SWAP_BE16 (srcRec->dataExtents[j].blockCount);
984 }
985
986 /* Don't swap srcRec->reserved */
987
988 } else if ((srcPtr[0] == kHFSFolderThreadRecord) ||
989 (srcPtr[0] == kHFSFileThreadRecord)) {
990 HFSCatalogThread *srcRec = (HFSCatalogThread *)srcPtr;
991
992 /* Make sure there is room for parentID and name length */
993 if ((char *) &srcRec->nodeName[1] > nextRecord) {
994 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
995 return fsBTInvalidNodeErr;
996 }
997
998 /* Don't swap srcRec->reserved array */
999
1000 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
1001
1002 /* Don't swap srcRec->nodeName */
1003
1004 /* Make sure there is room for the name in the buffer */
1005 if ((char *) &srcRec->nodeName[srcRec->nodeName[0]] > nextRecord) {
1006 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
1007 return fsBTInvalidNodeErr;
1008 }
1009 } else {
1010 printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
1011 return fsBTInvalidNodeErr;
1012 }
1013
1014 /* We can swap the record type now that we're done using it */
1015 if (direction == kSwapBTNodeHostToBig)
1016 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1017 }
1018
1019 } else {
1020 panic ("hfs_swap_HFSBTInternalNode: fileID %u is not a system B-tree\n", fileID);
1021 }
1022
1023 return (0);
1024 }
mirror of XNU