drinkingtea/ox
2
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Fix some issues in in FileStore::alloc that caused buffer overflows

Browse Source
This commit is contained in:
Gary Talent
2017-04-11 19:55:17 -05:00
parent 8eb73298f5
commit 78edb14d76
2 changed files with 29 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ox/fs/filestore.hpp
+17 -29
View File
@@ -276,15 +276,9 @@ class FileStore {
*/ */
bool insert(Inode *root, Inode *insertValue); bool insert(Inode *root, Inode *insertValue);
/**
* Gets the FsSize_t associated with the next Inode to be allocated.
* @retrun the FsSize_t associated with the next Inode to be allocated
*/
typename Header::FsSize_t iterator();
typename Header::FsSize_t firstInode(); typename Header::FsSize_t firstInode();
Inode *lastInode(); typename Header::FsSize_t lastInode();
/** /**
* Updates the address of the inode in the tree. * Updates the address of the inode in the tree.
@@ -326,7 +320,7 @@ void FileStore<Header>::Inode::setDataLen(typename Header::FsSize_t dataLen) {
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::Inode::getDataLen() { typename Header::FsSize_t FileStore<Header>::Inode::getDataLen() {
return std::bigEndianAdapt(this->m_dataLen); return std::bigEndianAdapt(m_dataLen);
} }
template<typename Header> template<typename Header>
@@ -336,7 +330,7 @@ void FileStore<Header>::Inode::setPrev(typename Header::FsSize_t prev) {
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::Inode::getPrev() { typename Header::FsSize_t FileStore<Header>::Inode::getPrev() {
return std::bigEndianAdapt(this->m_prev); return std::bigEndianAdapt(m_prev);
} }
template<typename Header> template<typename Header>
@@ -346,7 +340,7 @@ void FileStore<Header>::Inode::setNext(typename Header::FsSize_t next) {
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::Inode::getNext() { typename Header::FsSize_t FileStore<Header>::Inode::getNext() {
return std::bigEndianAdapt(this->m_next); return std::bigEndianAdapt(m_next);
} }
template<typename Header> template<typename Header>
@@ -356,7 +350,7 @@ void FileStore<Header>::Inode::setId(InodeId_t id) {
template<typename Header> template<typename Header>
typename Header::InodeId_t FileStore<Header>::Inode::getId() { typename Header::InodeId_t FileStore<Header>::Inode::getId() {
return std::bigEndianAdapt(this->m_id); return std::bigEndianAdapt(m_id);
} }
template<typename Header> template<typename Header>
@@ -366,7 +360,7 @@ void FileStore<Header>::Inode::setFileType(uint8_t fileType) {
template<typename Header> template<typename Header>
uint8_t FileStore<Header>::Inode::getFileType() { uint8_t FileStore<Header>::Inode::getFileType() {
return std::bigEndianAdapt(this->m_fileType); return std::bigEndianAdapt(m_fileType);
} }
template<typename Header> template<typename Header>
@@ -376,7 +370,7 @@ void FileStore<Header>::Inode::setLeft(typename Header::FsSize_t left) {
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::Inode::getLeft() { typename Header::FsSize_t FileStore<Header>::Inode::getLeft() {
return std::bigEndianAdapt(this->m_left); return std::bigEndianAdapt(m_left);
} }
template<typename Header> template<typename Header>
@@ -386,12 +380,12 @@ void FileStore<Header>::Inode::setRight(typename Header::FsSize_t right) {
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::Inode::getRight() { typename Header::FsSize_t FileStore<Header>::Inode::getRight() {
return std::bigEndianAdapt(this->m_right); return std::bigEndianAdapt(m_right);
} }
template<typename Header> template<typename Header>
void FileStore<Header>::Inode::setData(void *data, typename Header::FsSize_t size) { void FileStore<Header>::Inode::setData(void *data, typename Header::FsSize_t size) {
ox_memcpy(this->getData(), data, size); ox_memcpy(getData(), data, size);
setDataLen(size); setDataLen(size);
} }
@@ -630,17 +624,16 @@ typename FileStore<Header>::Inode *FileStore<Header>::getInodeParent(Inode *root
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::nextInodeAddr() { typename Header::FsSize_t FileStore<Header>::nextInodeAddr() {
typename Header::FsSize_t next = ptr(lastInode()) + lastInode()->size(); return lastInode() + ptr<Inode*>(lastInode())->size();
return next;
} }
template<typename Header> template<typename Header>
void *FileStore<Header>::alloc(typename Header::FsSize_t size) { void *FileStore<Header>::alloc(typename Header::FsSize_t size) {
typename Header::FsSize_t next = nextInodeAddr(); auto next = nextInodeAddr();
if ((next + size) > (uint64_t) end()) { if ((next + size) > ptr(end())) {
compact(); compact();
next = nextInodeAddr(); next = nextInodeAddr();
if ((next + size) > (uint64_t) end()) { if ((next + size) > ptr(end())) {
return nullptr; return nullptr;
} }
} }
@@ -649,7 +642,7 @@ void *FileStore<Header>::alloc(typename Header::FsSize_t size) {
const auto inode = ptr<Inode*>(retval); const auto inode = ptr<Inode*>(retval);
ox_memset(inode, 0, size); ox_memset(inode, 0, size);
inode->setPrev(ptr<Inode*>(firstInode())->getPrev()); inode->setPrev(ptr<Inode*>(firstInode())->getPrev());
inode->setNext(retval + size); inode->setNext(firstInode());
m_header.setMemUsed(m_header.getMemUsed() + size); m_header.setMemUsed(m_header.getMemUsed() + size);
ptr<Inode*>(firstInode())->setPrev(retval); ptr<Inode*>(firstInode())->setPrev(retval);
return inode; return inode;
@@ -697,11 +690,6 @@ bool FileStore<Header>::insert(Inode *root, Inode *insertValue) {
return retval; return retval;
} }
template<typename Header>
typename Header::FsSize_t FileStore<Header>::iterator() {
return ptr(lastInode()) + lastInode()->size();
}
template<typename Header> template<typename Header>
typename Header::FsSize_t FileStore<Header>::ptr(void *ptr) { typename Header::FsSize_t FileStore<Header>::ptr(void *ptr) {
#ifdef _MSC_VER #ifdef _MSC_VER
@@ -719,8 +707,8 @@ typename Header::FsSize_t FileStore<Header>::firstInode() {
} }
template<typename Header> template<typename Header>
typename FileStore<Header>::Inode *FileStore<Header>::lastInode() { typename Header::FsSize_t FileStore<Header>::lastInode() {
return ptr<Inode*>(ptr<Inode*>(firstInode())->getPrev()); return ptr<Inode*>(firstInode())->getPrev();
} }
template<typename Header> template<typename Header>
@@ -744,7 +732,7 @@ uint8_t *FileStore<Header>::format(uint8_t *buffer, typename Header::FsSize_t si
fs->m_header.setMemUsed(sizeof(FileStore<Header>) + sizeof(Inode)); fs->m_header.setMemUsed(sizeof(FileStore<Header>) + sizeof(Inode));
fs->m_header.setRootInode(sizeof(FileStore<Header>)); fs->m_header.setRootInode(sizeof(FileStore<Header>));
((Inode*) (fs + 1))->setPrev(sizeof(FileStore<Header>)); ((Inode*) (fs + 1))->setPrev(sizeof(FileStore<Header>));
fs->lastInode()->setNext(sizeof(FileStore<Header>)); ((Inode*) (fs + 1))->setNext(sizeof(FileStore<Header>));
return (uint8_t*) buffer; return (uint8_t*) buffer;
} }
src/ox/fs/oxfstool.cpp
+12 -9
View File
@@ -55,8 +55,9 @@ size_t bytes(const char *str) {
auto size = ::ox_strlen(str); auto size = ::ox_strlen(str);
const auto lastChar = str[size-1]; const auto lastChar = str[size-1];
auto multiplier = 1; auto multiplier = 1;
auto copy = new char[size]; char copy[size + 1];
ox_memcpy(copy, str, size); ox_memcpy(copy, str, size + 1);
// parse size unit
if (lastChar < '0' || lastChar > '9') { if (lastChar < '0' || lastChar > '9') {
copy[size-1] = 0; copy[size-1] = 0;
switch (lastChar) { switch (lastChar) {
@@ -76,9 +77,7 @@ size_t bytes(const char *str) {
multiplier = -1; multiplier = -1;
} }
} }
const auto retval = ((size_t) ox_atoi(copy)) * multiplier; return ox_atoi(copy) * multiplier;
delete []copy;
return retval;
} }
int format(int argc, char **args) { int format(int argc, char **args) {
@@ -86,13 +85,10 @@ int format(int argc, char **args) {
auto err = 0; auto err = 0;
if (argc >= 5) { if (argc >= 5) {
auto type = ox_atoi(args[2]); auto type = ox_atoi(args[2]);
cout << args[3] << endl;
auto size = bytes(args[3]); auto size = bytes(args[3]);
auto path = args[4]; auto path = args[4];
auto buff = (uint8_t*) malloc(size); auto buff = (uint8_t*) malloc(size);
cout << "Size: " << size << " bytes\n";
cout << "Type: " << type << endl;
if (size < sizeof(FileStore64)) { if (size < sizeof(FileStore64)) {
err = 1; err = 1;
@@ -198,10 +194,11 @@ int write(int argc, char **args, bool expand) {
if (itemsRead) { if (itemsRead) {
auto srcBuff = loadFileBuff(srcPath, &srcSize); auto srcBuff = loadFileBuff(srcPath, &srcSize);
if (srcBuff) { if (srcBuff) {
auto expanded = false;
auto fs = createFileSystem(fsBuff); auto fs = createFileSystem(fsBuff);
if (fs) { if (fs) {
if (expand && fs->available() <= srcSize) { if (expand && fs->available() <= srcSize) {
auto needed = fs->spaceNeeded(inode, srcSize); auto needed = fs->size() + fs->spaceNeeded(inode, srcSize);
auto cloneBuff = new uint8_t[needed]; auto cloneBuff = new uint8_t[needed];
ox_memcpy(cloneBuff, fsBuff, fsSize); ox_memcpy(cloneBuff, fsBuff, fsSize);
@@ -214,6 +211,12 @@ int write(int argc, char **args, bool expand) {
fs->resize(fsSize); fs->resize(fsSize);
} }
err |= fs->write(inode, srcBuff, srcSize); err |= fs->write(inode, srcBuff, srcSize);
// compact the file system if it was expanded
if (expanded) {
fs->resize();
}
if (err) { if (err) {
fprintf(stderr, "Could not write to file system.\n"); fprintf(stderr, "Could not write to file system.\n");
} }