X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/8ad349bb6ed4a0be06e34c92be0d98b92e078db4..89b3af67bb32e691275bf6fa803d1834b2284115:/bsd/ufs/ffs/ffs_vfsops.c

diff --git a/bsd/ufs/ffs/ffs_vfsops.c b/bsd/ufs/ffs/ffs_vfsops.c
index 1a336022c..18b090997 100644
--- a/bsd/ufs/ffs/ffs_vfsops.c
+++ b/bsd/ufs/ffs/ffs_vfsops.c
@@ -1,31 +1,29 @@
 /*
- * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
- * @APPLE_LICENSE_OSREFERENCE_HEADER_START@
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
  * 
- * This file contains Original Code and/or Modifications of Original Code 
- * as defined in and that are subject to the Apple Public Source License 
- * Version 2.0 (the 'License'). You may not use this file except in 
- * compliance with the License.  The rights granted to you under the 
- * License may not be used to create, or enable the creation or 
- * redistribution of, unlawful or unlicensed copies of an Apple operating 
- * system, or to circumvent, violate, or enable the circumvention or 
- * violation of, any terms of an Apple operating system software license 
- * agreement.
- *
- * Please obtain a copy of the License at 
- * http://www.opensource.apple.com/apsl/ and read it before using this 
- * file.
- *
- * The Original Code and all software distributed under the License are 
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
- * Please see the License for the specific language governing rights and 
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
  * limitations under the License.
- *
- * @APPLE_LICENSE_OSREFERENCE_HEADER_END@
+ * 
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
 /*
@@ -95,7 +93,7 @@
 #include <ufs/ffs/ffs_extern.h>
 #if REV_ENDIAN_FS
 #include <ufs/ufs/ufs_byte_order.h>
-#include <architecture/byte_order.h>
+#include <libkern/OSByteOrder.h>
 #endif /* REV_ENDIAN_FS */
 
 int ffs_sbupdate(struct ufsmount *, int);
@@ -361,7 +359,11 @@ ffs_reload(struct mount *mountp, kauth_cred_t cred, struct proc *p)
 	newfs = (struct fs *)buf_dataptr(bp);
 #if REV_ENDIAN_FS
 	if (rev_endian) {
-		byte_swap_sbin(newfs);
+		error = byte_swap_sbin(newfs);
+		if (error) {
+			buf_brelse(bp);
+			return (error);
+		}
 	}
 #endif /* REV_ENDIAN_FS */
 	if (newfs->fs_magic != FS_MAGIC || newfs->fs_bsize > MAXBSIZE ||
@@ -510,7 +512,9 @@ ffs_mountfs(devvp, mp, context)
 			error = EINVAL;
 			goto out;
 	    	}
-		byte_swap_sbin(fs);
+		if (error = byte_swap_sbin(fs))
+			goto out;
+
 		if (fs->fs_magic != FS_MAGIC || fs->fs_bsize > MAXBSIZE ||
 	    		fs->fs_bsize < sizeof(struct fs)) {
 			byte_swap_sbout(fs);
@@ -530,6 +534,13 @@ ffs_mountfs(devvp, mp, context)
 		goto out;
 	}
 
+	if (fs->fs_sbsize < 0 || fs->fs_sbsize > SBSIZE) {
+		error = EINVAL;
+		goto out;
+	}
+ 
+        /*
+         * Buffer cache does not handle multiple pages in a buf when
 
 	/*
 	 * Buffer cache does not handle multiple pages in a buf when
@@ -639,10 +650,28 @@ ffs_mountfs(devvp, mp, context)
 	bp = NULL;
 	fs = ump->um_fs;
 	fs->fs_ronly = ronly;
+	if (fs->fs_cssize < 1 || fs->fs_fsize < 1 || fs->fs_ncg < 1) {
+		error = EINVAL;
+		goto out;
+	}
+	if (fs->fs_frag < 1 || fs->fs_frag > MAXFRAG) {
+		error = EINVAL;
+		goto out;
+	}
+
 	size = fs->fs_cssize;
 	blks = howmany(size, fs->fs_fsize);
-	if (fs->fs_contigsumsize > 0)
+	if (fs->fs_contigsumsize > 0) {
+		if (fs->fs_ncg > INT_MAX / sizeof(int32_t) || size > INT_MAX - fs->fs_ncg * sizeof(int32_t)) {
+			error = EINVAL;
+			goto out;
+		}
 		size += fs->fs_ncg * sizeof(int32_t);
+	}
+	if (fs->fs_ncg > INT_MAX / sizeof(u_int8_t) || size > INT_MAX - fs->fs_ncg * sizeof(u_int8_t)) {
+		error = EINVAL;
+		goto out;
+	}
 	size += fs->fs_ncg * sizeof(u_int8_t);
 	space = _MALLOC((u_long)size, M_UFSMNT, M_WAITOK);
 	fs->fs_csp = space;
@@ -954,7 +983,7 @@ ffs_vfs_getattr(mp, fsap, context)
 			length = ulp->ul_namelen;
 #if REV_ENDIAN_FS
 			if (mp->mnt_flag & MNT_REVEND)
-				length = NXSwapShort(length);
+				length = OSSwapInt16(length);
 #endif
 			if (length > 0 && length <= UFS_MAX_LABEL_NAME) {
 				bcopy(ulp->ul_name, fsap->f_vol_name, length);
@@ -1082,14 +1111,15 @@ ffs_vfs_setattr(mp, fsap, context)
 
 		/* Copy new name over existing name */
 		ulp->ul_namelen = strlen(fsap->f_vol_name);
-#if REV_ENDIAN_FS
-		if (mp->mnt_flag & MNT_REVEND)
-			ulp->ul_namelen = NXSwapShort(ulp->ul_namelen);
-#endif
 		bcopy(fsap->f_vol_name, ulp->ul_name, ulp->ul_namelen);
 		ulp->ul_name[UFS_MAX_LABEL_NAME - 1] = '\0';
 		ulp->ul_name[ulp->ul_namelen] = '\0';
 
+#if REV_ENDIAN_FS
+		if (mp->mnt_flag & MNT_REVEND)
+			ulp->ul_namelen = OSSwapInt16(ulp->ul_namelen);
+#endif
+
 		/* Update the checksum */
 		ulp->ul_checksum = 0;
 		ulp->ul_checksum = ul_cksum(ulp, sizeof(*ulp));
@@ -1431,21 +1461,22 @@ ffs_fhtovp(mp, fhlen, fhp, vpp, context)
 	struct vnode *nvp;
 	struct fs *fs;
 	int error;
+	ino_t	  ino;
 
 	if (fhlen < (int)sizeof(struct ufid))
 		return (EINVAL);
 	ufhp = (struct ufid *)fhp;
 	fs = VFSTOUFS(mp)->um_fs;
-	if (ufhp->ufid_ino < ROOTINO ||
-	    ufhp->ufid_ino >= fs->fs_ncg * fs->fs_ipg)
+	ino = ntohl(ufhp->ufid_ino);
+	if (ino < ROOTINO || ino >= fs->fs_ncg * fs->fs_ipg)
 		return (ESTALE);
-	error = ffs_vget_internal(mp, ufhp->ufid_ino, &nvp, NULL, NULL, 0, 1);
+	error = ffs_vget_internal(mp, ino, &nvp, NULL, NULL, 0, 1);
 	if (error) {
 		*vpp = NULLVP;
 		return (error);
 	}
 	ip = VTOI(nvp);
-	if (ip->i_mode == 0 || ip->i_gen != ufhp->ufid_gen) {
+	if (ip->i_mode == 0 || ip->i_gen != ntohl(ufhp->ufid_gen)) {
 		vnode_put(nvp);
 		*vpp = NULLVP;
 		return (ESTALE);
@@ -1472,8 +1503,8 @@ ffs_vptofh(vp, fhlenp, fhp, context)
 		return (EOVERFLOW);
 	ip = VTOI(vp);
 	ufhp = (struct ufid *)fhp;
-	ufhp->ufid_ino = ip->i_number;
-	ufhp->ufid_gen = ip->i_gen;
+	ufhp->ufid_ino = htonl(ip->i_number);
+	ufhp->ufid_gen = htonl(ip->i_gen);
 	*fhlenp = sizeof(struct ufid);
 	return (0);
 }
@@ -1599,7 +1630,7 @@ ffs_sbupdate(mp, waitfor)
 	*  before writing
 	*/
 	if (rev_endian) {
-		dfs->fs_maxfilesize = NXSwapLongLong(mp->um_savedmaxfilesize);		/* XXX */
+		dfs->fs_maxfilesize = OSSwapInt64(mp->um_savedmaxfilesize);		/* XXX */
 	} else {
 #endif /* REV_ENDIAN_FS */
 		dfs->fs_maxfilesize = mp->um_savedmaxfilesize;	/* XXX */