X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/ff6e181ae92fc6f1e89841290f461d1f2f9badd9..935ed37a5c468c8a1c07408573c08b8b7ef80e8b:/bsd/hfs/hfs_endian.c?ds=sidebyside diff --git a/bsd/hfs/hfs_endian.c b/bsd/hfs/hfs_endian.c index 6bc586c70..e5775bfbc 100644 --- a/bsd/hfs/hfs_endian.c +++ b/bsd/hfs/hfs_endian.c @@ -1,14 +1,19 @@ /* - * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2008 Apple Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER @@ -18,7 +23,7 @@ * Please see the License for the specific language governing rights and * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* @@ -28,8 +33,6 @@ * volume format. */ -#include - #include "hfs_endian.h" #include "hfs_dbg.h" #include "hfscommon/headers/BTreesPrivate.h" 
@@ -80,13 +83,14 @@ int hfs_swap_BTNode ( BlockDescriptor *src, vnode_t vp, - enum HFSBTSwapDirection direction + enum HFSBTSwapDirection direction, + u_int8_t allow_empty_node ) { BTNodeDescriptor *srcDesc = src->buffer; - UInt16 *srcOffs = NULL; + u_int16_t *srcOffs = NULL; BTreeControlBlockPtr btcb = (BTreeControlBlockPtr)VTOF(vp)->fcbBTCBPtr; - UInt32 i; + u_int32_t i; int error = 0; #ifdef ENDIAN_DEBUG @@ -116,12 +120,12 @@ hfs_swap_BTNode ( */ if (btcb->totalNodes != 0) { if (srcDesc->fLink >= btcb->totalNodes) { - printf("hfs_swap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink); + printf("hfs_swap_BTNode: invalid forward link (0x%08x >= 0x%08x)\n", srcDesc->fLink, btcb->totalNodes); error = fsBTInvalidHeaderErr; goto fail; } if (srcDesc->bLink >= btcb->totalNodes) { - printf("hfs_swap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink); + printf("hfs_swap_BTNode: invalid backward link (0x%08x >= 0x%08x)\n", srcDesc->bLink, btcb->totalNodes); error = fsBTInvalidHeaderErr; goto fail; } @@ -152,7 +156,7 @@ hfs_swap_BTNode ( /* * Swap the node offsets (including the free space one!). */ - srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (UInt16)))); + srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t)))); /* * Sanity check that the record offsets are within the node itself. 
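Review bot: The new `allow_empty_node` parameter in the `hfs_swap_BTNode` signature is declared `u_int8_t` but is used purely as a flag (it is compared with `false` further down), and nothing in this hunk documents what callers must pass. Since it decides whether an all-zero node read from disk is accepted, the contract belongs next to the prototype, for example `/* allow_empty_node: non-zero only when the caller may legitimately see an unused (all-zero) node; otherwise a zero record offset is treated as corruption */`. A boolean type would also make call sites self-describing, if one is available in this file. The function body continues outside the hunk.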
@@ -174,9 +178,13 @@ hfs_swap_BTNode ( * Sanity check: must be even, and within the node itself. * * We may be called to swap an unused node, which contains all zeroes. - * This is why we allow the record offset to be zero. + * Unused nodes are expected only when allow_empty_node is true. + * If it is false and record offset is zero, return error. */ - if ((srcOffs[i] & 1) || (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || (srcOffs[i] >= src->blockSize)) { + if ((srcOffs[i] & 1) || ( + (allow_empty_node == false) && (srcOffs[i] == 0)) || + (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || + (srcOffs[i] >= src->blockSize)) { printf("hfs_swap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); error = fsBTInvalidHeaderErr; goto fail; @@ -245,15 +253,15 @@ hfs_swap_BTNode ( */ if (direction == kSwapBTNodeHostToBig) { /* - * Sanity check and swap the forkward and backward links. + * Sanity check and swap the forward and backward links. */ if (srcDesc->fLink >= btcb->totalNodes) { - printf("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink); + panic("hfs_UNswap_BTNode: invalid forward link (0x%08X)\n", srcDesc->fLink); error = fsBTInvalidHeaderErr; goto fail; } if (srcDesc->bLink >= btcb->totalNodes) { - printf("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink); + panic("hfs_UNswap_BTNode: invalid backward link (0x%08X)\n", srcDesc->bLink); error = fsBTInvalidHeaderErr; goto fail; } @@ -264,7 +272,7 @@ hfs_swap_BTNode ( * Check srcDesc->kind. Don't swap it because it's only one byte. */ if (srcDesc->kind < kBTLeafNode || srcDesc->kind > kBTMapNode) { - printf("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind); + panic("hfs_UNswap_BTNode: invalid node kind (%d)\n", srcDesc->kind); error = fsBTInvalidHeaderErr; goto fail; } 
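Review bot: With `allow_empty_node` true, the rewritten offset check in the `@@ -174` hunk still accepts a zero offset for any record of any node, not only for a node that is actually unused. On this read-from-disk path a node with `numRecords > 0` whose first record offset is 0 passes the checks visible here, even though the `srcOffs[i] < sizeof(BTNodeDescriptor)` clause exists to keep records out of the descriptor. If unused nodes are always all-zero, as the comment says, the allowance can be limited to them: `(srcOffs[i] == 0 && (allow_empty_node == false || srcDesc->numRecords != 0)) ||`. The enclosing loop starts and ends outside the hunk, so confirm that no later check already covers this case.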
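Review bot: The `panic()` calls introduced in the host-to-big branch (`@@ -245`, and likewise `@@ -264`, `@@ -273`, `@@ -283`, `@@ -303` and `@@ -316`) leave the following `error = fsBTInvalidHeaderErr; goto fail;` lines unreachable, assuming `panic` does not return. Either drop the dead statements or add a short comment saying they are kept only as a fallback. More importantly, the link checks in this branch are not wrapped in the `btcb->totalNodes != 0` guard that the big-to-host branch uses in the `@@ -116` hunk. If `totalNodes` can still be zero when a node is written out, a condition that used to log now halts the machine; `if (btcb->totalNodes != 0 && srcDesc->fLink >= btcb->totalNodes)` would keep the two directions consistent. A comment stating that a failure here means in-memory corruption rather than bad media would explain why halting is preferred to returning the error.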
@@ -273,7 +281,7 @@ hfs_swap_BTNode ( * Check srcDesc->height. Don't swap it because it's only one byte. */ if (srcDesc->height > btcb->treeDepth) { - printf("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height); + panic("hfs_UNswap_BTNode: invalid node height (%d)\n", srcDesc->height); error = fsBTInvalidHeaderErr; goto fail; } @@ -283,14 +291,14 @@ hfs_swap_BTNode ( /* * Swap the node offsets (including the free space one!). */ - srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (UInt16)))); + srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - ((srcDesc->numRecords + 1) * sizeof (u_int16_t)))); /* * Sanity check that the record offsets are within the node itself. */ if ((char *)srcOffs > ((char *)src->buffer + src->blockSize) || (char *)srcOffs < ((char *)src->buffer + sizeof(BTNodeDescriptor))) { - printf("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords); + panic("hfs_UNswap_BTNode: invalid record count (0x%04X)\n", srcDesc->numRecords); error = fsBTInvalidHeaderErr; goto fail; } 
@@ -303,10 +311,16 @@ hfs_swap_BTNode ( * Sanity check: must be even, and within the node itself. * * We may be called to swap an unused node, which contains all zeroes. + * This can happen when the last record from a node gets deleted. * This is why we allow the record offset to be zero. + * Unused nodes are expected only when allow_empty_node is true + * (the caller should set it to true for kSwapBTNodeBigToHost). */ - if ((srcOffs[i] & 1) || (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || (srcOffs[i] >= src->blockSize)) { - printf("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + if ((srcOffs[i] & 1) || + ((allow_empty_node == false) && (srcOffs[i] == 0)) || + (srcOffs[i] < sizeof(BTNodeDescriptor) && srcOffs[i] != 0) || + (srcOffs[i] >= src->blockSize)) { + panic("hfs_UNswap_BTNode: record #%d invalid offset (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); error = fsBTInvalidHeaderErr; goto fail; } @@ -316,7 +330,7 @@ hfs_swap_BTNode ( * them backwards, hence the order in the comparison. */ if ((i < srcDesc->numRecords) && (srcOffs[i+1] >= srcOffs[i])) { - printf("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n", + panic("hfs_UNswap_BTNode: offsets %d and %d out of order (0x%04X, 0x%04X)\n", srcDesc->numRecords-i-2, srcDesc->numRecords-i-1, srcOffs[i+1], srcOffs[i]); error = fsBTInvalidHeaderErr; goto fail; @@ -335,7 +349,7 @@ fail: */ printf("node=%lld fileID=%u volume=%s device=%s\n", src->blockNum, VTOC(vp)->c_fileid, VTOVCB(vp)->vcbVN, vfs_statfs(vnode_mount(vp))->f_mntfromname); - VTOVCB(vp)->vcbFlags |= kHFS_DamagedVolume; + hfs_mark_volume_inconsistent(VTOVCB(vp)); } return (error); 
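Review bot: The comment added in the `@@ -303` hunk is hard to follow where it sits. It appears to be in the host-to-big branch (the messages are `hfs_UNswap_BTNode`), yet it tells the caller to set `allow_empty_node` for `kSwapBTNodeBigToHost`, and it keeps the old sentence "This is why we allow the record offset to be zero" next to a rule that now rejects zero. Because a rejected offset in this branch now panics, the comment should state the write-side contract directly, for example `/* A zero offset is accepted only when allow_empty_node is true (an unused, all-zero node, e.g. after its last record was deleted); otherwise it is treated as in-memory corruption and we panic. */`. The enclosing loop starts outside the hunk.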
@@ -349,10 +363,16 @@ hfs_swap_HFSPlusBTInternalNode ( ) { BTNodeDescriptor *srcDesc = src->buffer; - UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16)))); - char *nextRecord; /* Points to start of record following current one */ - UInt32 i; - UInt32 j; + u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t)))); + char *nextRecord; /* Points to start of record following current one */ + + /* + * i is an int32 because it needs to be negative to index the offset to free space. + * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit so this should be ok. + */ + + int32_t i; + u_int32_t j; if (fileID == kHFSExtentsFileID) { HFSPlusExtentKey *srcKey; @@ -360,7 +380,7 @@ hfs_swap_HFSPlusBTInternalNode ( size_t recordSize; /* Size of the data part of the record, or node number for index nodes */ if (srcDesc->kind == kBTIndexNode) - recordSize = sizeof(UInt32); + recordSize = sizeof(u_int32_t); else recordSize = sizeof(HFSPlusExtentDescriptor); 
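Review bot: The comment on `int32_t i` says the index "needs to be negative" but does not name the expression that depends on it, so a later cleanup could turn it back into an unsigned type. The dependent access is `srcOffs[i-1]` with `i == 0`, visible as context in the `@@ -431` hunk, and with an unsigned 32-bit `i` that index would wrap to a huge positive value instead of -1 wherever pointers are wider than 32 bits. I would spell that out: `/* i must be signed: nextRecord is read from srcOffs[i-1], which is srcOffs[-1] (the free-space offset) when i == 0 */`. The same wording applies to the matching declaration in `hfs_swap_HFSBTInternalNode` (`@@ -792`).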
@@ -382,14 +402,22 @@ hfs_swap_HFSPlusBTInternalNode ( * below. */ if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } return fsBTInvalidNodeErr; } if (direction == kSwapBTNodeBigToHost) srcKey->keyLength = SWAP_BE16 (srcKey->keyLength); if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) { - printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } return fsBTInvalidNodeErr; } srcRec = (HFSPlusExtentDescriptor *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength)); @@ -404,7 +432,7 @@ hfs_swap_HFSPlusBTInternalNode ( if (srcDesc->kind == kBTIndexNode) { /* For index nodes, the record data is just a child node number. */ - *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec)); + *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec)); } else { /* Swap the extent data */ for (j = 0; j < kHFSPlusExtentDensity; j++) { @@ -416,7 +444,7 @@ hfs_swap_HFSPlusBTInternalNode ( } else if (fileID == kHFSCatalogFileID) { HFSPlusCatalogKey *srcKey; - SInt16 *srcPtr; + int16_t *srcPtr; u_int16_t keyLength; for (i = 0; i < srcDesc->numRecords; i++) { 
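Review bot: The `if (direction == kSwapBTNodeHostToBig) panic(...) else printf(...)` pair in the `@@ -382` hunk repeats the same format string and arguments twice, and the pattern is copied into every later sanity check in `hfs_swap_HFSPlusBTInternalNode` and `hfs_swap_HFSBTInternalNode`. Two hand-maintained copies of each message invite drift, where one side's format no longer matches its arguments. A single helper (the name below is only a suggestion) keeps one format string per check and gives one place to document the policy that a write-out failure halts and a read-in failure is logged and returned. The loop body around these checks continues outside the hunk.

```c
/* Report a failed sanity check: halt when writing out, log when reading in. */
#define HFS_SWAP_REPORT(direction, ...) \
	do { \
		if ((direction) == kSwapBTNodeHostToBig) \
			panic(__VA_ARGS__); \
		else \
			printf(__VA_ARGS__); \
	} while (0)

if ((char *)srcKey + sizeof(HFSPlusExtentKey) + recordSize > nextRecord) {
	HFS_SWAP_REPORT(direction, "hfs_swap_HFSPlusBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]);
	return fsBTInvalidNodeErr;
}
/* … unchanged: keyLength swap; its length check uses the same helper … */
```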
@@ -431,9 +459,14 @@ hfs_swap_HFSPlusBTInternalNode ( nextRecord = (char *)src->buffer + srcOffs[i-1]; /* - * Make sure we can safely dereference the keyLength and parentID fields. */ + * Make sure we can safely dereference the keyLength and parentID fields. + */ if ((char *)srcKey + offsetof(HFSPlusCatalogKey, nodeName.unicode[0]) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } return fsBTInvalidNodeErr; } @@ -448,7 +481,11 @@ hfs_swap_HFSPlusBTInternalNode ( /* Sanity check the key length */ if (keyLength < kHFSPlusCatalogKeyMinimumLength || keyLength > kHFSPlusCatalogKeyMaximumLength) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, keyLength); + } return fsBTInvalidNodeErr; } 
@@ -456,9 +493,13 @@ hfs_swap_HFSPlusBTInternalNode ( * Make sure that we can safely dereference the record's type field or * an index node's child node number. */ - srcPtr = (SInt16 *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength)); - if ((char *)srcPtr + sizeof(UInt32) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1); + srcPtr = (int16_t *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength)); + if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) { + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -472,9 +513,15 @@ hfs_swap_HFSPlusBTInternalNode ( /* Make sure name length is consistent with key length */ if (keyLength < sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) + srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%d\n", - srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) + - srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n", + srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) + + srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog record #%d keyLength=%d expected=%lu\n", + srcDesc->numRecords-i, keyLength, sizeof(srcKey->parentID) + sizeof(srcKey->nodeName.length) + + srcKey->nodeName.length*sizeof(srcKey->nodeName.unicode[0])); + } return fsBTInvalidNodeErr; } for (j = 0; j < srcKey->nodeName.length; j++) { 
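Review bot: The "catalog record #%d keyLength=%d expected=%lu" message in the `@@ -472` hunk prints `srcDesc->numRecords-i` as the record number, while every other diagnostic in this function prints `srcDesc->numRecords-i-1`. The commit copies that inconsistency into both the new `panic` and the `printf`, so the reported record is off by one compared with neighbouring messages for the same `i`, which is misleading when triaging a damaged volume. Unless the different numbering is intentional, use `srcDesc->numRecords-i-1` in both calls. The matching HFS standard message in the `@@ -901` hunk has the same discrepancy.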
@@ -488,7 +535,7 @@ hfs_swap_HFSPlusBTInternalNode ( * Skip over swapping the various types of catalog record. */ if (srcDesc->kind == kBTIndexNode) { - *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr)); + *((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr)); continue; } @@ -499,7 +546,11 @@ hfs_swap_HFSPlusBTInternalNode ( if (srcPtr[0] == kHFSPlusFolderRecord) { HFSPlusCatalogFolder *srcRec = (HFSPlusCatalogFolder *)srcPtr; if ((char *)srcRec + sizeof(*srcRec) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -525,12 +576,16 @@ hfs_swap_HFSPlusBTInternalNode ( /* Don't swap srcRec->userInfo */ /* Don't swap srcRec->finderInfo */ - /* Don't swap srcRec->reserved */ - + srcRec->folderCount = SWAP_BE32 (srcRec->folderCount); + } else if (srcPtr[0] == kHFSPlusFileRecord) { HFSPlusCatalogFile *srcRec = (HFSPlusCatalogFile *)srcPtr; if ((char *)srcRec + sizeof(*srcRec) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } 
@@ -554,8 +609,12 @@ hfs_swap_HFSPlusBTInternalNode ( srcRec->bsdInfo.special.iNodeNum = SWAP_BE32 (srcRec->bsdInfo.special.iNodeNum); srcRec->textEncoding = SWAP_BE32 (srcRec->textEncoding); - - /* Don't swap srcRec->reserved1 */ + + /* If kHFSHasLinkChainBit is set, reserved1 is hl_FirstLinkID. + * In all other context, it is expected to be zero. + */ + srcRec->reserved1 = SWAP_BE32 (srcRec->reserved1); + /* Don't swap srcRec->userInfo */ /* Don't swap srcRec->finderInfo */ /* Don't swap srcRec->reserved2 */ @@ -571,7 +630,11 @@ hfs_swap_HFSPlusBTInternalNode ( */ HFSPlusCatalogThread *srcRec = (HFSPlusCatalogThread *)srcPtr; if ((char *) &srcRec->nodeName.unicode[0] > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -587,7 +650,11 @@ hfs_swap_HFSPlusBTInternalNode ( * Then swap the characters of the name itself. */ if ((char *) &srcRec->nodeName.unicode[srcRec->nodeName.length] > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } for (j = 0; j < srcRec->nodeName.length; j++) { 
@@ -598,7 +665,11 @@ hfs_swap_HFSPlusBTInternalNode ( srcRec->nodeName.length = SWAP_BE16 (srcRec->nodeName.length); } else { - printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -626,7 +697,11 @@ hfs_swap_HFSPlusBTInternalNode ( /* Make sure there is room in the buffer for a minimal key */ if ((char *) &srcKey->attrName[1] > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } return fsBTInvalidNodeErr; } @@ -643,7 +718,11 @@ hfs_swap_HFSPlusBTInternalNode ( */ srcRec = (HFSPlusAttrRecord *)((char *)srcKey + keyLength + sizeof(srcKey->keyLength)); if ((char *)srcRec + sizeof(u_int32_t) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d too big (%d)\n", srcDesc->numRecords-i-1, keyLength); + } return fsBTInvalidNodeErr; } 
@@ -657,7 +736,11 @@ hfs_swap_HFSPlusBTInternalNode ( srcKey->attrNameLen = SWAP_BE16(srcKey->attrNameLen); /* Sanity check the attribute name length */ if (srcKey->attrNameLen > kHFSMaxAttrNameLen || keyLength < (kHFSPlusAttrKeyMinimumLength + sizeof(u_int16_t)*srcKey->attrNameLen)) { - printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr key #%d keyLength=%d attrNameLen=%d\n", srcDesc->numRecords-i-1, keyLength, srcKey->attrNameLen); + } return fsBTInvalidNodeErr; } for (j = 0; j < srcKey->attrNameLen; j++) @@ -670,7 +753,7 @@ hfs_swap_HFSPlusBTInternalNode ( * Skip over swapping the various types of attribute record. */ if (srcDesc->kind == kBTIndexNode) { - *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec)); + *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec)); continue; } @@ -681,7 +764,11 @@ hfs_swap_HFSPlusBTInternalNode ( case kHFSPlusAttrInlineData: /* Is there room for the inline data header? */ if ((char *) &srcRec->attrData.attrData[0] > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } 
@@ -696,7 +783,11 @@ hfs_swap_HFSPlusBTInternalNode ( /* Is there room for the inline attribute data? */ if ((char *) &srcRec->attrData.attrData[attrSize] > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr inline #%d too big (attrSize=%u)\n", srcDesc->numRecords-i-1, attrSize); + } return fsBTInvalidNodeErr; } @@ -706,7 +797,11 @@ hfs_swap_HFSPlusBTInternalNode ( case kHFSPlusAttrForkData: /* Is there room for the fork data record? */ if ((char *)srcRec + sizeof(HFSPlusAttrForkData) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr fork data #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -718,7 +813,11 @@ hfs_swap_HFSPlusBTInternalNode ( case kHFSPlusAttrExtents: /* Is there room for an extent record? */ if ((char *)srcRec + sizeof(HFSPlusAttrExtents) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: attr extents #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } 
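Review bot: The inline-attribute bound in the `@@ -696` hunk is still checked by forming the address `&srcRec->attrData.attrData[attrSize]` and comparing it with `nextRecord`; the commit changes only how the failure is reported. `attrSize` is printed with `%u`, so it is presumably a 32-bit value taken from the record. With 32-bit pointers a large enough value can wrap the computed address below `nextRecord` and pass the check, and forming an out-of-range pointer is undefined behaviour in any case. The header check just before this guarantees `&attrData[0] <= nextRecord`, so the comparison can be done on sizes instead: `if (attrSize > (size_t)(nextRecord - (char *)&srcRec->attrData.attrData[0])) {`. The enclosing `switch` case starts outside the hunk.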
@@ -738,7 +837,7 @@ hfs_swap_HFSPlusBTInternalNode ( } else if (fileID > kHFSFirstUserCatalogNodeID) { /* The only B-tree with a non-system CNID that we use is the hotfile B-tree */ HotFileKey *srcKey; - UInt32 *srcRec; + u_int32_t *srcRec; for (i = 0; i < srcDesc->numRecords; i++) { /* Point to the start of the record we're currently checking. */ @@ -751,9 +850,13 @@ hfs_swap_HFSPlusBTInternalNode ( */ nextRecord = (char *)src->buffer + srcOffs[i-1]; - /* Make sure there is room for the key (HotFileKey) and data (UInt32) */ - if ((char *)srcKey + sizeof(HotFileKey) + sizeof(UInt32) > nextRecord) { - printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + /* Make sure there is room for the key (HotFileKey) and data (u_int32_t) */ + if ((char *)srcKey + sizeof(HotFileKey) + sizeof(u_int32_t) > nextRecord) { + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } return fsBTInvalidNodeErr; } @@ -761,7 +864,11 @@ hfs_swap_HFSPlusBTInternalNode ( if (direction == kSwapBTNodeBigToHost) srcKey->keyLength = SWAP_BE16 (srcKey->keyLength); if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) { - printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } else { + printf("hfs_swap_HFSPlusBTInternalNode: hotfile #%d incorrect keyLength %d\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } return fsBTInvalidNodeErr; } srcRec = (u_int32_t *)((char *)srcKey + srcKey->keyLength + sizeof(srcKey->keyLength)); 
@@ -774,7 +881,7 @@ hfs_swap_HFSPlusBTInternalNode ( srcKey->temperature = SWAP_BE32 (srcKey->temperature); srcKey->fileID = SWAP_BE32 (srcKey->fileID); - *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec)); + *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec)); } } else { panic ("hfs_swap_HFSPlusBTInternalNode: fileID %u is not a system B-tree\n", fileID); @@ -792,11 +899,15 @@ hfs_swap_HFSBTInternalNode ( ) { BTNodeDescriptor *srcDesc = src->buffer; - UInt16 *srcOffs = (UInt16 *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (UInt16)))); + u_int16_t *srcOffs = (u_int16_t *)((char *)src->buffer + (src->blockSize - (srcDesc->numRecords * sizeof (u_int16_t)))); char *nextRecord; /* Points to start of record following current one */ - UInt32 i; - UInt32 j; + /* + * i is an int32 because it needs to be negative to index the offset to free space. + * srcDesc->numRecords is a u_int16_t and is unlikely to become 32-bit so this should be ok. + */ + int32_t i; + u_int32_t j; if (fileID == kHFSExtentsFileID) { HFSExtentKey *srcKey; @@ -804,7 +915,7 @@ hfs_swap_HFSBTInternalNode ( size_t recordSize; /* Size of the data part of the record, or node number for index nodes */ if (srcDesc->kind == kBTIndexNode) - recordSize = sizeof(UInt32); + recordSize = sizeof(u_int32_t); else recordSize = sizeof(HFSExtentDescriptor); 
@@ -826,13 +937,21 @@ hfs_swap_HFSBTInternalNode ( * below. */ if ((char *)srcKey + sizeof(HFSExtentKey) + recordSize > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } else { + printf("hfs_swap_HFSBTInternalNode: extents key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } return fsBTInvalidNodeErr; } /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */ if (srcKey->keyLength != sizeof(*srcKey) - sizeof(srcKey->keyLength)) { - printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } else { + printf("hfs_swap_HFSBTInternalNode: extents key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } return fsBTInvalidNodeErr; } @@ -846,7 +965,7 @@ hfs_swap_HFSBTInternalNode ( if (srcDesc->kind == kBTIndexNode) { /* For index nodes, the record data is just a child node number. */ - *((UInt32 *)srcRec) = SWAP_BE32 (*((UInt32 *)srcRec)); + *((u_int32_t *)srcRec) = SWAP_BE32 (*((u_int32_t *)srcRec)); } else { /* Swap the extent data */ for (j = 0; j < kHFSExtentDensity; j++) { @@ -858,7 +977,7 @@ hfs_swap_HFSBTInternalNode ( } else if (fileID == kHFSCatalogFileID) { HFSCatalogKey *srcKey; - SInt16 *srcPtr; + int16_t *srcPtr; unsigned expectedKeyLength; for (i = 0; i < srcDesc->numRecords; i++) { 
@@ -879,13 +998,21 @@ hfs_swap_HFSBTInternalNode ( * record start to an even offset, which forms a minimal key. */ if ((char *)srcKey + 8 > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog key #%d offset too big (0x%04X)\n", srcDesc->numRecords-i-1, srcOffs[i]); + } return fsBTInvalidNodeErr; } /* Don't swap srcKey->keyLength (it's only one byte), but do sanity check it */ if (srcKey->keyLength < kHFSCatalogKeyMinimumLength || srcKey->keyLength > kHFSCatalogKeyMaximumLength) { - printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog key #%d invalid length (%d)\n", srcDesc->numRecords-i-1, srcKey->keyLength); + } return fsBTInvalidNodeErr; } 
@@ -901,20 +1028,29 @@ hfs_swap_HFSBTInternalNode ( else expectedKeyLength = srcKey->nodeName[0] + kHFSCatalogKeyMinimumLength; if (srcKey->keyLength < expectedKeyLength) { - printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n", - srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n", + srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog record #%d keyLength=%u expected=%u\n", + srcDesc->numRecords-i, srcKey->keyLength, expectedKeyLength); + } return fsBTInvalidNodeErr; } /* Point to record data (round up to even byte boundary) */ - srcPtr = (SInt16 *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1)); + srcPtr = (int16_t *)((char *)srcKey + ((srcKey->keyLength + 2) & ~1)); /* * Make sure that we can safely dereference the record's type field or * and index node's child node number. */ - if ((char *)srcPtr + sizeof(UInt32) > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1); + if ((char *)srcPtr + sizeof(u_int32_t) > nextRecord) { + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog key #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -923,7 +1059,7 @@ hfs_swap_HFSBTInternalNode ( * Skip over swapping the various types of catalog record. */ if (srcDesc->kind == kBTIndexNode) { - *((UInt32 *)srcPtr) = SWAP_BE32 (*((UInt32 *)srcPtr)); + *((u_int32_t *)srcPtr) = SWAP_BE32 (*((u_int32_t *)srcPtr)); continue; } 
@@ -934,7 +1070,11 @@ hfs_swap_HFSBTInternalNode ( if (srcPtr[0] == kHFSFolderRecord) { HFSCatalogFolder *srcRec = (HFSCatalogFolder *)srcPtr; if ((char *)srcRec + sizeof(*srcRec) > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog folder record #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -953,7 +1093,11 @@ hfs_swap_HFSBTInternalNode ( } else if (srcPtr[0] == kHFSFileRecord) { HFSCatalogFile *srcRec = (HFSCatalogFile *)srcPtr; if ((char *)srcRec + sizeof(*srcRec) > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog file record #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -980,7 +1124,7 @@ hfs_swap_HFSBTInternalNode ( srcRec->clumpSize = SWAP_BE16 (srcRec->clumpSize); - /* Swap the two sets of extents as an array of six (three each) UInt16 */ + /* Swap the two sets of extents as an array of six (three each) u_int16_t */ for (j = 0; j < kHFSExtentDensity * 2; j++) { srcRec->dataExtents[j].startBlock = SWAP_BE16 (srcRec->dataExtents[j].startBlock); srcRec->dataExtents[j].blockCount = SWAP_BE16 (srcRec->dataExtents[j].blockCount); 
@@ -994,7 +1138,11 @@ hfs_swap_HFSBTInternalNode ( /* Make sure there is room for parentID and name length */ if ((char *) &srcRec->nodeName[1] > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } @@ -1006,11 +1154,19 @@ hfs_swap_HFSBTInternalNode ( /* Make sure there is room for the name in the buffer */ if ((char *) &srcRec->nodeName[srcRec->nodeName[0]] > nextRecord) { - printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSBTInternalNode: catalog thread record #%d name too big\n", srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; } } else { - printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1); + if (direction == kSwapBTNodeHostToBig) { + panic("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1); + } else { + printf("hfs_swap_HFSBTInternalNode: unrecognized catalog record type (0x%04X; record #%d)\n", srcPtr[0], srcDesc->numRecords-i-1); + } return fsBTInvalidNodeErr; }