]> git.saurik.com Git - apple/xnu.git/blob - bsd/hfs/hfs_endian.c
projects / apple / xnu.git / blob
? search:


dd8b7f13c095f9c6a18b0775a0c2832416838f90
[apple/xnu.git] / bsd / hfs / hfs_endian.c
1 /*
2 * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * hfs_endian.c
31 *
32 * This file implements endian swapping routines for the HFS/HFS Plus
33 * volume format.
34 */
35
36 #include "hfs_endian.h"
37 #include "hfs_dbg.h"
38 #include "hfscommon/headers/BTreesPrivate.h"
39
40 #undef ENDIAN_DEBUG
41
42 /*
43 * Internal swapping routines
44 *
45 * These routines handle swapping the records of leaf and index nodes. The
46 * layout of the keys and records varies depending on the kind of B-tree
47 * (determined by fileID).
48 *
49 * The direction parameter must be kSwapBTNodeBigToHost or kSwapBTNodeHostToBig.
50 * The kSwapBTNodeHeaderRecordOnly "direction" is not valid for these routines.
51 */
52 static int hfs_swap_HFSPlusBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
53 static int hfs_swap_HFSBTInternalNode (BlockDescriptor *src, HFSCatalogNodeID fileID, enum HFSBTSwapDirection direction);
54
55 /*
56 * hfs_swap_HFSPlusForkData
57 */
58 static void
59 hfs_swap_HFSPlusForkData (
60 HFSPlusForkData *src
61 )
62 {
63 int i;
64
65 src->logicalSize = SWAP_BE64 (src->logicalSize);
66
67 src->clumpSize = SWAP_BE32 (src->clumpSize);
68 src->totalBlocks = SWAP_BE32 (src->totalBlocks);
69
70 for (i = 0; i < kHFSPlusExtentDensity; i++) {
71 src->extents[i].startBlock = SWAP_BE32 (src->extents[i].startBlock);
72 src->extents[i].blockCount = SWAP_BE32 (src->extents[i].blockCount);
73 }
74 }
75
76 /*
77 * hfs_swap_BTNode
78 *
79 * NOTE: This operation is not naturally symmetric.
80 * We have to determine which way we're swapping things.
81 */
82 int
83 hfs_swap_BTNode (
84 BlockDescriptor *src,
85 vnode_t vp,
86 enum HFSBTSwapDirection direction
87 )
88 {
89 BTNodeDescriptor *srcDesc = src->buffer;
90 UInt16 *srcOffs = NULL;
91 BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr;
92 UInt32 i;
93 int error = 0;
94
95 #ifdef ENDIAN_DEBUG
96 if (direction == kSwapBTNodeBigToHost) {
97 printf ("BE -> Native Swap\n");
98 } else if (direction == kSwapBTNodeHostToBig) {
99 printf ("Native -> BE Swap\n");
100 } else if (direction == kSwapBTNodeHeaderRecordOnly) {
101 printf ("Not swapping descriptors\n");
102 } else {
103 panic ("hfs_swap_BTNode: This is impossible");
104 }
105 #endif
106
107 /*
108 * If we are doing a swap from on-disk to in-memory, then swap the node
109 * descriptor and record offsets before we need to use them.
110 */
111 if (direction == kSwapBTNodeBigToHost) {
112 srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
113 srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);
114
115 /*
116 * When first opening a BTree, we have to read the header node before the
117 * control block is initialized. In this case, totalNodes will be zero,
118 * so skip the bounds checking.
119 */
120 if (btcb->totalNodes != 0) {
121 if (srcDesc->fLink >= btcb->totalNodes) {
122 printf("hfs_swap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
123 error = fsBTInvalidHeaderErr;
124 goto fail;
125 }
126 if (srcDesc->bLink >= btcb->totalNodes) {
127 printf("hfs_swap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
128 error = fsBTInvalidHeaderErr;
129 goto fail;
130 }
131 }
132
133 /*
134 * Check srcDesc->kind. Don't swap it because it's only one byte.
135 */
136 if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
137 printf("hfs_swap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
138 error = fsBTInvalidHeaderErr;
139 goto fail;
140 }
141
142 /*
143 * Check srcDesc->height. Don't swap it because it's only one byte.
144 */
145 if (srcDesc->height > btcb->treeDepth) {
146 printf("hfs_swap_BTNode: invalid node height (%d)\n", srcDesc->height);
147 error = fsBTInvalidHeaderErr;
148 goto fail;
149 }
150
151 /* Don't swap srcDesc->reserved */
152
153 srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
154
155 /*
156 * Swap the node offsets (including the free space one!).
157 */
158 srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (UInt16))));
159
160 /*
161 * Sanity check that the record offsets are within the node itself.
162 */
163 if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
164 (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
165 printf("hfs_swap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
166 error = fsBTInvalidHeaderErr;
167 goto fail;
168 }
169
170 /*
171 * Swap and sanity check each of the record offsets.
172 */
173 for (i = 0; i <= srcDesc->numRecords; i++) {
174 srcOffs[i] = SWAP_BE16 (srcOffs[i]);
175
176 /*
177 * Sanity check: must be even, and within the node itself.
178 *
179 * We may be called to swap an unused node, which contains all zeroes.
180 * This is why we allow the record offset to be zero.
181 */
182 if ((srcOffs[i] & 1) || (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || (srcOffs[i] >= src->blockSize)) {
183 printf("hfs_swap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
184 error = fsBTInvalidHeaderErr;
185 goto fail;
186 }
187
188 /*
189 * Make sure the offsets are strictly increasing. Note that we're looping over
190 * them backwards, hence the order in the comparison.
191 */
192 if ((i != 0) && (srcOffs[i] >= srcOffs[i-1])) {
193 printf("hfs_swap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
194 srcDesc->numRecords-i-1, srcDesc->numRecords-i, srcOffs[i], srcOffs[i-1]);
195 error = fsBTInvalidHeaderErr;
196 goto fail;
197 }
198 }
199 }
200
201 /*
202 * Swap the records (ordered by frequency of access)
203 */
204 if ((srcDesc->kind == kBTIndexNode) ||
205 (srcDesc-> kind == kBTLeafNode)) {
206
207 if (VTOVCB(vp)->vcbSigWord == kHFSPlusSigWord) {
208 error = hfs_swap_HFSPlusBTInternalNode (src, VTOC(vp)->c_fileid, direction);
209 } else {
210 error = hfs_swap_HFSBTInternalNode (src, VTOC(vp)->c_fileid, direction);
211 }
212
213 if (error) goto fail;
214
215 } else if (srcDesc-> kind == kBTMapNode) {
216 /* Don't swap the bitmaps, they'll be done in the bitmap routines */
217
218 } else if (srcDesc-> kind == kBTHeaderNode) {
219 /* The header's offset is hard-wired because we cannot trust the offset pointers. */
220 BTHeaderRec *srcHead = (BTHeaderRec *)((char *)src->buffer + sizeof(BTNodeDescriptor));
221
222 srcHead->treeDepth = SWAP_BE16 (srcHead->treeDepth);
223
224 srcHead->rootNode = SWAP_BE32 (srcHead->rootNode);
225 srcHead->leafRecords = SWAP_BE32 (srcHead->leafRecords);
226 srcHead->firstLeafNode = SWAP_BE32 (srcHead->firstLeafNode);
227 srcHead->lastLeafNode = SWAP_BE32 (srcHead->lastLeafNode);
228
229 srcHead->nodeSize = SWAP_BE16 (srcHead->nodeSize);
230 srcHead->maxKeyLength = SWAP_BE16 (srcHead->maxKeyLength);
231
232 srcHead->totalNodes = SWAP_BE32 (srcHead->totalNodes);
233 srcHead->freeNodes = SWAP_BE32 (srcHead->freeNodes);
234
235 srcHead->clumpSize = SWAP_BE32 (srcHead->clumpSize);
236 srcHead->attributes = SWAP_BE32 (srcHead->attributes);
237
238 /* Don't swap srcHead->reserved1 */
239 /* Don't swap srcHead->btreeType; it's only one byte */
240 /* Don't swap srcHead->reserved2 */
241 /* Don't swap srcHead->reserved3 */
242 /* Don't swap bitmap */
243 }
244
245 /*
246 * If we are doing a swap from in-memory to on-disk, then swap the node
247 * descriptor and record offsets after we're done using them.
248 */
249 if (direction == kSwapBTNodeHostToBig) {
250 /*
251 * Sanity check and swap the forkward and backward links.
252 */
253 if (srcDesc->fLink >= btcb->totalNodes) {
254 printf("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink);
255 error = fsBTInvalidHeaderErr;
256 goto fail;
257 }
258 if (srcDesc->bLink >= btcb->totalNodes) {
259 printf("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink);
260 error = fsBTInvalidHeaderErr;
261 goto fail;
262 }
263 srcDesc->fLink = SWAP_BE32 (srcDesc->fLink);
264 srcDesc->bLink = SWAP_BE32 (srcDesc->bLink);
265
266 /*
267 * Check srcDesc->kind. Don't swap it because it's only one byte.
268 */
269 if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) {
270 printf("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind);
271 error = fsBTInvalidHeaderErr;
272 goto fail;
273 }
274
275 /*
276 * Check srcDesc->height. Don't swap it because it's only one byte.
277 */
278 if (srcDesc->height > btcb->treeDepth) {
279 printf("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height);
280 error = fsBTInvalidHeaderErr;
281 goto fail;
282 }
283
284 /* Don't swap srcDesc->reserved */
285
286 /*
287 * Swap the node offsets (including the free space one!).
288 */
289 srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (UInt16))));
290
291 /*
292 * Sanity check that the record offsets are within the node itself.
293 */
294 if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) ||
295 (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) {
296 printf("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords);
297 error = fsBTInvalidHeaderErr;
298 goto fail;
299 }
300
301 /*
302 * Swap and sanity check each of the record offsets.
303 */
304 for (i = 0; i <= srcDesc->numRecords; i++) {
305 /*
306 * Sanity check: must be even, and within the node itself.
307 *
308 * We may be called to swap an unused node, which contains all zeroes.
309 * This is why we allow the record offset to be zero.
310 */
311 if ((srcOffs[i] & 1) || (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || (srcOffs[i] >= src->blockSize)) {
312 printf("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
313 error = fsBTInvalidHeaderErr;
314 goto fail;
315 }
316
317 /*
318 * Make sure the offsets are strictly increasing. Note that we're looping over
319 * them backwards, hence the order in the comparison.
320 */
321 if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) {
322 printf("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n",
323 srcDesc->numRecords-i-2, srcDesc->numRecords-i-1, srcOffs[i+1], srcOffs[i]);
324 error = fsBTInvalidHeaderErr;
325 goto fail;
326 }
327
328 srcOffs[i] = SWAP_BE16 (srcOffs[i]);
329 }
330
331 srcDesc->numRecords = SWAP_BE16 (srcDesc->numRecords);
332 }
333
334 fail:
335 if (error) {
336 /*
337 * Log some useful information about where the corrupt node is.
338 */
339 printf("node=%lld fileID=%u volume=%s device=%s\n", src->blockNum, VTOC(vp)->c_fileid,
340 VTOVCB(vp)->vcbVN, vfs_statfs(vnode_mount(vp))->f_mntfromname);
341 VTOVCB(vp)->vcbFlags |= kHFS_DamagedVolume;
342 }
343
344 return (error);
345 }
346
347 static int
348 hfs_swap_HFSPlusBTInternalNode (
349 BlockDescriptor *src,
350 HFSCatalogNodeID fileID,
351 enum HFSBTSwapDirection direction
352 )
353 {
354 BTNodeDescriptor *srcDesc = src->buffer;
355 UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16))));
356 char *nextRecord; /* Points to start of record following current one */
357 UInt32 i;
358 UInt32 j;
359
360 if (fileID == kHFSExtentsFileID) {
361 HFSPlusExtentKey *srcKey;
362 HFSPlusExtentDescriptor *srcRec;
363 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
364
365 if (srcDesc->kind == kBTIndexNode)
366 recordSize = sizeof(UInt32);
367 else
368 recordSize = sizeof(HFSPlusExtentDescriptor);
369
370 for (i = 0; i < srcDesc->numRecords; i++) {
371 /* Point to the start of the record we're currently checking. */
372 srcKey = (HFSPlusExtentKey *)((char *)src->buffer + srcOffs[i]);
373
374 /*
375 * Point to start of next (larger offset) record. We'll use this
376 * to be sure the current record doesn't overflow into the next
377 * record.
378 */
379 nextRecord = (char *)src->buffer + srcOffs[i-1];
380
381 /*
382 * Make sure the key and data are within the buffer. Since both key
383 * and data are fixed size, this is relatively easy. Note that this
384 * relies on the keyLength being a constant; we verify the keyLength
385 * below.
386 */
387 if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {
388 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
389 return fsBTInvalidNodeErr;
390 }
391
392 if (direction == kSwapBTNodeBigToHost)
393 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
394 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
395 printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
396 return fsBTInvalidNodeErr;
397 }
398 srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
399 if (direction == kSwapBTNodeHostToBig)
400 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
401
402 /* Don't swap srcKey->forkType; it's only one byte */
403 /* Don't swap srcKey->pad */
404
405 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
406 srcKey->startBlock = SWAP_BE32 (srcKey->startBlock);
407
408 if (srcDesc->kind == kBTIndexNode) {
409 /* For index nodes, the record data is just a child node number. */
410 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
411 } else {
412 /* Swap the extent data */
413 for (j = 0; j < kHFSPlusExtentDensity; j++) {
414 srcRec[j].startBlock = SWAP_BE32 (srcRec[j].startBlock);
415 srcRec[j].blockCount = SWAP_BE32 (srcRec[j].blockCount);
416 }
417 }
418 }
419
420 } else if (fileID == kHFSCatalogFileID) {
421 HFSPlusCatalogKey *srcKey;
422 SInt16 *srcPtr;
423 u_int16_t keyLength;
424
425 for (i = 0; i < srcDesc->numRecords; i++) {
426 /* Point to the start of the record we're currently checking. */
427 srcKey = (HFSPlusCatalogKey *)((char *)src->buffer + srcOffs[i]);
428
429 /*
430 * Point to start of next (larger offset) record. We'll use this
431 * to be sure the current record doesn't overflow into the next
432 * record.
433 */
434 nextRecord = (char *)src->buffer + srcOffs[i-1];
435
436 /*
437 * Make sure we can safely dereference the keyLength and parentID fields. */
438 if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) {
439 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
440 return fsBTInvalidNodeErr;
441 }
442
443 /*
444 * Swap and sanity check the key length
445 */
446 if (direction == kSwapBTNodeBigToHost)
447 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
448 keyLength = srcKey->keyLength; /* Put it in a local (native order) because we use it several times */
449 if (direction == kSwapBTNodeHostToBig)
450 srcKey->keyLength = SWAP_BE16 (keyLength);
451
452 /* Sanity check the key length */
453 if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) {
454 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength);
455 return fsBTInvalidNodeErr;
456 }
457
458 /*
459 * Make sure that we can safely dereference the record's type field or
460 * an index node's child node number.
461 */
462 srcPtr = (SInt16 *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
463 if ((char *)srcPtr + sizeof(UInt32) > nextRecord) {
464 printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
465 return fsBTInvalidNodeErr;
466 }
467
468 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
469
470 /*
471 * Swap and sanity check the key's node name
472 */
473 if (direction == kSwapBTNodeBigToHost)
474 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
475 /* Make sure name length is consistent with key length */
476 if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
477 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) {
478 printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%d\n",
479 srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) +
480 srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0]));
481 return fsBTInvalidNodeErr;
482 }
483 for (j = 0; j < srcKey->nodeName.length; j++) {
484 srcKey->nodeName.unicode[j] = SWAP_BE16 (srcKey->nodeName.unicode[j]);
485 }
486 if (direction == kSwapBTNodeHostToBig)
487 srcKey->nodeName.length = SWAP_BE16 (srcKey->nodeName.length);
488
489 /*
490 * For index nodes, the record data is just the child's node number.
491 * Skip over swapping the various types of catalog record.
492 */
493 if (srcDesc->kind == kBTIndexNode) {
494 *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr));
495 continue;
496 }
497
498 /* Make sure the recordType is in native order before using it. */
499 if (direction == kSwapBTNodeBigToHost)
500 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
501
502 if (srcPtr[0] == kHFSPlusFolderRecord) {
503 HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr;
504 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
505 printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
506 return fsBTInvalidNodeErr;
507 }
508
509 srcRec->flags = SWAP_BE16 (srcRec->flags);
510 srcRec->valence = SWAP_BE32 (srcRec->valence);
511 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
512 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
513 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
514 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
515 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
516 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
517
518 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
519 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
520
521 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
522 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
523
524 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
525 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
526
527 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
528
529 /* Don't swap srcRec->userInfo */
530 /* Don't swap srcRec->finderInfo */
531 /* Don't swap srcRec->reserved */
532
533 } else if (srcPtr[0] == kHFSPlusFileRecord) {
534 HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr;
535 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
536 printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
537 return fsBTInvalidNodeErr;
538 }
539
540 srcRec->flags = SWAP_BE16 (srcRec->flags);
541
542 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
543
544 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
545 srcRec->contentModDate = SWAP_BE32 (srcRec->contentModDate);
546 srcRec->attributeModDate = SWAP_BE32 (srcRec->attributeModDate);
547 srcRec->accessDate = SWAP_BE32 (srcRec->accessDate);
548 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
549
550 srcRec->bsdInfo.ownerID = SWAP_BE32 (srcRec->bsdInfo.ownerID);
551 srcRec->bsdInfo.groupID = SWAP_BE32 (srcRec->bsdInfo.groupID);
552
553 /* Don't swap srcRec->bsdInfo.adminFlags; it's only one byte */
554 /* Don't swap srcRec->bsdInfo.ownerFlags; it's only one byte */
555
556 srcRec->bsdInfo.fileMode = SWAP_BE16 (srcRec->bsdInfo.fileMode);
557 srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum);
558
559 srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding);
560
561 /* Don't swap srcRec->reserved1 */
562 /* Don't swap srcRec->userInfo */
563 /* Don't swap srcRec->finderInfo */
564 /* Don't swap srcRec->reserved2 */
565
566 hfs_swap_HFSPlusForkData (&srcRec->dataFork);
567 hfs_swap_HFSPlusForkData (&srcRec->resourceFork);
568
569 } else if ((srcPtr[0] == kHFSPlusFolderThreadRecord) ||
570 (srcPtr[0] == kHFSPlusFileThreadRecord)) {
571
572 /*
573 * Make sure there is room for parentID and name length.
574 */
575 HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr;
576 if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) {
577 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
578 return fsBTInvalidNodeErr;
579 }
580
581 /* Don't swap srcRec->reserved */
582
583 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
584
585 if (direction == kSwapBTNodeBigToHost)
586 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
587
588 /*
589 * Make sure there is room for the name in the buffer.
590 * Then swap the characters of the name itself.
591 */
592 if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) {
593 printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
594 return fsBTInvalidNodeErr;
595 }
596 for (j = 0; j < srcRec->nodeName.length; j++) {
597 srcRec->nodeName.unicode[j] = SWAP_BE16 (srcRec->nodeName.unicode[j]);
598 }
599
600 if (direction == kSwapBTNodeHostToBig)
601 srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length);
602
603 } else {
604 printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
605 return fsBTInvalidNodeErr;
606 }
607
608 /* We can swap the record type now that we're done using it. */
609 if (direction == kSwapBTNodeHostToBig)
610 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
611 }
612
613 } else if (fileID == kHFSAttributesFileID) {
614 HFSPlusAttrKey *srcKey;
615 HFSPlusAttrRecord *srcRec;
616 u_int16_t keyLength;
617 u_int32_t attrSize = 0;
618
619 for (i = 0; i < srcDesc->numRecords; i++) {
620 /* Point to the start of the record we're currently checking. */
621 srcKey = (HFSPlusAttrKey *)((char *)src->buffer + srcOffs[i]);
622
623 /*
624 * Point to start of next (larger offset) record. We'll use this
625 * to be sure the current record doesn't overflow into the next
626 * record.
627 */
628 nextRecord = (char *)src->buffer + srcOffs[i-1];
629
630 /* Make sure there is room in the buffer for a minimal key */
631 if ((char *) &srcKey->attrName[1] > nextRecord) {
632 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
633 return fsBTInvalidNodeErr;
634 }
635
636 /* Swap the key length field */
637 if (direction == kSwapBTNodeBigToHost)
638 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
639 keyLength = srcKey->keyLength; /* Keep a copy in native order */
640 if (direction == kSwapBTNodeHostToBig)
641 srcKey->keyLength = SWAP_BE16(srcKey->keyLength);
642
643 /*
644 * Make sure that we can safely dereference the record's type field or
645 * an index node's child node number.
646 */
647 srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength));
648 if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) {
649 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength);
650 return fsBTInvalidNodeErr;
651 }
652
653 srcKey->fileID = SWAP_BE32(srcKey->fileID);
654 srcKey->startBlock = SWAP_BE32(srcKey->startBlock);
655
656 /*
657 * Swap and check the attribute name
658 */
659 if (direction == kSwapBTNodeBigToHost)
660 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
661 /* Sanity check the attribute name length */
662 if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) {
663 printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen);
664 return fsBTInvalidNodeErr;
665 }
666 for (j = 0; j < srcKey->attrNameLen; j++)
667 srcKey->attrName[j] = SWAP_BE16(srcKey->attrName[j]);
668 if (direction == kSwapBTNodeHostToBig)
669 srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen);
670
671 /*
672 * For index nodes, the record data is just the child's node number.
673 * Skip over swapping the various types of attribute record.
674 */
675 if (srcDesc->kind == kBTIndexNode) {
676 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
677 continue;
678 }
679
680 /* Swap the record data */
681 if (direction == kSwapBTNodeBigToHost)
682 srcRec->recordType = SWAP_BE32(srcRec->recordType);
683 switch (srcRec->recordType) {
684 case kHFSPlusAttrInlineData:
685 /* Is there room for the inline data header? */
686 if ((char *) &srcRec->attrData.attrData[0] > nextRecord) {
687 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1);
688 return fsBTInvalidNodeErr;
689 }
690
691 /* We're not swapping the reserved fields */
692
693 /* Swap the attribute size */
694 if (direction == kSwapBTNodeHostToBig)
695 attrSize = srcRec->attrData.attrSize;
696 srcRec->attrData.attrSize = SWAP_BE32(srcRec->attrData.attrSize);
697 if (direction == kSwapBTNodeBigToHost)
698 attrSize = srcRec->attrData.attrSize;
699
700 /* Is there room for the inline attribute data? */
701 if ((char *) &srcRec->attrData.attrData[attrSize] > nextRecord) {
702 printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize);
703 return fsBTInvalidNodeErr;
704 }
705
706 /* Not swapping the attribute data itself */
707 break;
708
709 case kHFSPlusAttrForkData:
710 /* Is there room for the fork data record? */
711 if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) {
712 printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1);
713 return fsBTInvalidNodeErr;
714 }
715
716 /* We're not swapping the reserved field */
717
718 hfs_swap_HFSPlusForkData(&srcRec->forkData.theFork);
719 break;
720
721 case kHFSPlusAttrExtents:
722 /* Is there room for an extent record? */
723 if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) {
724 printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1);
725 return fsBTInvalidNodeErr;
726 }
727
728 /* We're not swapping the reserved field */
729
730 for (j = 0; j < kHFSPlusExtentDensity; j++) {
731 srcRec->overflowExtents.extents[j].startBlock =
732 SWAP_BE32(srcRec->overflowExtents.extents[j].startBlock);
733 srcRec->overflowExtents.extents[j].blockCount =
734 SWAP_BE32(srcRec->overflowExtents.extents[j].blockCount);
735 }
736 break;
737 }
738 if (direction == kSwapBTNodeHostToBig)
739 srcRec->recordType = SWAP_BE32(srcRec->recordType);
740 }
741 } else if (fileID > kHFSFirstUserCatalogNodeID) {
742 /* The only B-tree with a non-system CNID that we use is the hotfile B-tree */
743 HotFileKey *srcKey;
744 UInt32 *srcRec;
745
746 for (i = 0; i < srcDesc->numRecords; i++) {
747 /* Point to the start of the record we're currently checking. */
748 srcKey = (HotFileKey *)((char *)src->buffer + srcOffs[i]);
749
750 /*
751 * Point to start of next (larger offset) record. We'll use this
752 * to be sure the current record doesn't overflow into the next
753 * record.
754 */
755 nextRecord = (char *)src->buffer + srcOffs[i-1];
756
757 /* Make sure there is room for the key (HotFileKey) and data (UInt32) */
758 if ((char *)srcKey + sizeof(HotFileKey) + sizeof(UInt32) > nextRecord) {
759 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
760 return fsBTInvalidNodeErr;
761 }
762
763 /* Swap and sanity check the key length field */
764 if (direction == kSwapBTNodeBigToHost)
765 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
766 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
767 printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength);
768 return fsBTInvalidNodeErr;
769 }
770 srcRec = (u_int32_t *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength));
771 if (direction == kSwapBTNodeHostToBig)
772 srcKey->keyLength = SWAP_BE16 (srcKey->keyLength);
773
774 /* Don't swap srcKey->forkType */
775 /* Don't swap srcKey->pad */
776
777 srcKey->temperature = SWAP_BE32 (srcKey->temperature);
778 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
779
780 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
781 }
782 } else {
783 panic ("hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID);
784 }
785
786
787 return (0);
788 }
789
790 static int
791 hfs_swap_HFSBTInternalNode (
792 BlockDescriptor *src,
793 HFSCatalogNodeID fileID,
794 enum HFSBTSwapDirection direction
795 )
796 {
797 BTNodeDescriptor *srcDesc = src->buffer;
798 UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16))));
799 char *nextRecord; /* Points to start of record following current one */
800
801 UInt32 i;
802 UInt32 j;
803
804 if (fileID == kHFSExtentsFileID) {
805 HFSExtentKey *srcKey;
806 HFSExtentDescriptor *srcRec;
807 size_t recordSize; /* Size of the data part of the record, or node number for index nodes */
808
809 if (srcDesc->kind == kBTIndexNode)
810 recordSize = sizeof(UInt32);
811 else
812 recordSize = sizeof(HFSExtentDescriptor);
813
814 for (i = 0; i < srcDesc->numRecords; i++) {
815 /* Point to the start of the record we're currently checking. */
816 srcKey = (HFSExtentKey *)((char *)src->buffer + srcOffs[i]);
817
818 /*
819 * Point to start of next (larger offset) record. We'll use this
820 * to be sure the current record doesn't overflow into the next
821 * record.
822 */
823 nextRecord = (char *)src->buffer + srcOffs[i-1];
824
825 /*
826 * Make sure the key and data are within the buffer. Since both key
827 * and data are fixed size, this is relatively easy. Note that this
828 * relies on the keyLength being a constant; we verify the keyLength
829 * below.
830 */
831 if ((char *)srcKey + sizeof(HFSExtentKey) + recordSize > nextRecord) {
832 printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
833 return fsBTInvalidNodeErr;
834 }
835
836 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
837 if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) {
838 printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
839 return fsBTInvalidNodeErr;
840 }
841
842 /* Don't swap srcKey->forkType; it's only one byte */
843
844 srcKey->fileID = SWAP_BE32 (srcKey->fileID);
845 srcKey->startBlock = SWAP_BE16 (srcKey->startBlock);
846
847 /* Point to record data (round up to even byte boundary) */
848 srcRec = (HFSExtentDescriptor *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
849
850 if (srcDesc->kind == kBTIndexNode) {
851 /* For index nodes, the record data is just a child node number. */
852 *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec));
853 } else {
854 /* Swap the extent data */
855 for (j = 0; j < kHFSExtentDensity; j++) {
856 srcRec[j].startBlock = SWAP_BE16 (srcRec[j].startBlock);
857 srcRec[j].blockCount = SWAP_BE16 (srcRec[j].blockCount);
858 }
859 }
860 }
861
862 } else if (fileID == kHFSCatalogFileID) {
863 HFSCatalogKey *srcKey;
864 SInt16 *srcPtr;
865 unsigned expectedKeyLength;
866
867 for (i = 0; i < srcDesc->numRecords; i++) {
868 /* Point to the start of the record we're currently checking. */
869 srcKey = (HFSCatalogKey *)((char *)src->buffer + srcOffs[i]);
870
871 /*
872 * Point to start of next (larger offset) record. We'll use this
873 * to be sure the current record doesn't overflow into the next
874 * record.
875 */
876 nextRecord = (char *)src->buffer + srcOffs[i-1];
877
878 /*
879 * Make sure we can safely dereference the keyLength and parentID fields.
880 * The value 8 below is 1 bytes for keyLength + 1 byte reserved + 4 bytes
881 * for parentID + 1 byte for nodeName's length + 1 byte to round up the
882 * record start to an even offset, which forms a minimal key.
883 */
884 if ((char *)srcKey + 8 > nextRecord) {
885 printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
886 return fsBTInvalidNodeErr;
887 }
888
889 /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */
890 if (srcKey->keyLength < kHFSCatalogKeyMinimumLength || srcKey->keyLength > kHFSCatalogKeyMaximumLength) {
891 printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength);
892 return fsBTInvalidNodeErr;
893 }
894
895 /* Don't swap srcKey->reserved */
896
897 srcKey->parentID = SWAP_BE32 (srcKey->parentID);
898
899 /* Don't swap srcKey->nodeName */
900
901 /* Make sure the keyLength is big enough for the key's content */
902 if (srcDesc->kind == kBTIndexNode)
903 expectedKeyLength = sizeof(*srcKey) - sizeof(srcKey->keyLength);
904 else
905 expectedKeyLength = srcKey->nodeName[0] + kHFSCatalogKeyMinimumLength;
906 if (srcKey->keyLength < expectedKeyLength) {
907 printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n",
908 srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength);
909 return fsBTInvalidNodeErr;
910 }
911
912 /* Point to record data (round up to even byte boundary) */
913 srcPtr = (SInt16 *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1));
914
915 /*
916 * Make sure that we can safely dereference the record's type field or
917 * and index node's child node number.
918 */
919 if ((char *)srcPtr + sizeof(UInt32) > nextRecord) {
920 printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1);
921 return fsBTInvalidNodeErr;
922 }
923
924 /*
925 * For index nodes, the record data is just the child's node number.
926 * Skip over swapping the various types of catalog record.
927 */
928 if (srcDesc->kind == kBTIndexNode) {
929 *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr));
930 continue;
931 }
932
933 /* Make sure the recordType is in native order before using it. */
934 if (direction == kSwapBTNodeBigToHost)
935 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
936
937 if (srcPtr[0] == kHFSFolderRecord) {
938 HFSCatalogFolder *srcRec = (HFSCatalogFolder *)srcPtr;
939 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
940 printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1);
941 return fsBTInvalidNodeErr;
942 }
943
944 srcRec->flags = SWAP_BE16 (srcRec->flags);
945 srcRec->valence = SWAP_BE16 (srcRec->valence);
946
947 srcRec->folderID = SWAP_BE32 (srcRec->folderID);
948 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
949 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
950 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
951
952 /* Don't swap srcRec->userInfo */
953 /* Don't swap srcRec->finderInfo */
954 /* Don't swap resserved array */
955
956 } else if (srcPtr[0] == kHFSFileRecord) {
957 HFSCatalogFile *srcRec = (HFSCatalogFile *)srcPtr;
958 if ((char *)srcRec + sizeof(*srcRec) > nextRecord) {
959 printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1);
960 return fsBTInvalidNodeErr;
961 }
962
963 srcRec->flags = srcRec->flags;
964 srcRec->fileType = srcRec->fileType;
965
966 /* Don't swap srcRec->userInfo */
967
968 srcRec->fileID = SWAP_BE32 (srcRec->fileID);
969
970 srcRec->dataStartBlock = SWAP_BE16 (srcRec->dataStartBlock);
971 srcRec->dataLogicalSize = SWAP_BE32 (srcRec->dataLogicalSize);
972 srcRec->dataPhysicalSize = SWAP_BE32 (srcRec->dataPhysicalSize);
973
974 srcRec->rsrcStartBlock = SWAP_BE16 (srcRec->rsrcStartBlock);
975 srcRec->rsrcLogicalSize = SWAP_BE32 (srcRec->rsrcLogicalSize);
976 srcRec->rsrcPhysicalSize = SWAP_BE32 (srcRec->rsrcPhysicalSize);
977
978 srcRec->createDate = SWAP_BE32 (srcRec->createDate);
979 srcRec->modifyDate = SWAP_BE32 (srcRec->modifyDate);
980 srcRec->backupDate = SWAP_BE32 (srcRec->backupDate);
981
982 /* Don't swap srcRec->finderInfo */
983
984 srcRec->clumpSize = SWAP_BE16 (srcRec->clumpSize);
985
986 /* Swap the two sets of extents as an array of six (three each) UInt16 */
987 for (j = 0; j < kHFSExtentDensity * 2; j++) {
988 srcRec->dataExtents[j].startBlock = SWAP_BE16 (srcRec->dataExtents[j].startBlock);
989 srcRec->dataExtents[j].blockCount = SWAP_BE16 (srcRec->dataExtents[j].blockCount);
990 }
991
992 /* Don't swap srcRec->reserved */
993
994 } else if ((srcPtr[0] == kHFSFolderThreadRecord) ||
995 (srcPtr[0] == kHFSFileThreadRecord)) {
996 HFSCatalogThread *srcRec = (HFSCatalogThread *)srcPtr;
997
998 /* Make sure there is room for parentID and name length */
999 if ((char *) &srcRec->nodeName[1] > nextRecord) {
1000 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1);
1001 return fsBTInvalidNodeErr;
1002 }
1003
1004 /* Don't swap srcRec->reserved array */
1005
1006 srcRec->parentID = SWAP_BE32 (srcRec->parentID);
1007
1008 /* Don't swap srcRec->nodeName */
1009
1010 /* Make sure there is room for the name in the buffer */
1011 if ((char *) &srcRec->nodeName[srcRec->nodeName[0]] > nextRecord) {
1012 printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1);
1013 return fsBTInvalidNodeErr;
1014 }
1015 } else {
1016 printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1);
1017 return fsBTInvalidNodeErr;
1018 }
1019
1020 /* We can swap the record type now that we're done using it */
1021 if (direction == kSwapBTNodeHostToBig)
1022 srcPtr[0] = SWAP_BE16 (srcPtr[0]);
1023 }
1024
1025 } else {
1026 panic ("hfs_swap_HFSBTInternalNode: fileID %u is not a system B-tree\n", fileID);
1027 }
1028
1029 return (0);
1030 }
mirror of XNU