Re: [PATCH] NTFS comment expanded, small fix.

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Sun, 15 Apr 2001 20:16:02 +0200 (MEST)


Anton Altaparmakov wrote:
> > Also, the "start" value that is read from the record, could be much
> > larger than expected, which could lead to accessing random data. The
> > fixup should fail then, and this is also patched below.
>
> No it can't (in theory). The volume would be corrupt if it was. That kind
> of check belongs in ntfs fsck utility but not in kernel code.
>
> In any case, the correct check, if you want one, would be:
>
>     if (start + (count * 2) > size)
>         return 0;

Hi Anton,

Of course this is the better check. I was being sloppy.

I disagree with your "this belongs in an fsck-program". If this
condition triggers, then indeed, the filesystem is corrupt. But if the
"start" pointer is dereferenced, the kernel could be accessing an area
that you don't want touched (e.g. if the buffer happens to be near
enough to the "end-of-memory", you could "Ooops").

The kernel should validate all user-input as much as possible, and an
ntfs-formatted-floppy should count as such.

The "fixup" routine has a bunch of "return 0" conditions. These are
similar to mine: If they trigger, the filesystem must be corrupt.
It's a sanity check, which is necessary to keep Linux stable.

Roger.

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* There are old pilots, and there are bold pilots. 
* There are also old, bald pilots. 
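
The bounds check discussed in this thread, shown in context as an added example; it is not part of the original message and not the kernel's NTFS code. It is a userspace sketch of a fixup routine that treats "start" and "count" as untrusted on-disk values. The record layout (offset field at byte 4, count at byte 6, 512-byte sectors) and the names `fixup_record` and `make_sample` are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTOR 512u  /* fixups protect the last 2 bytes of each 512-byte sector */

/* Read a little-endian 16-bit field from the untrusted on-disk buffer. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Apply fixups in place. Returns 1 on success, 0 if the record is corrupt.
 * Assumed layout: array offset ("start") at byte 4, entry count at byte 6. */
int fixup_record(uint8_t *rec, size_t size)
{
    size_t start, count, i;
    uint16_t usn;

    if (size < SECTOR || size % SECTOR)
        return 0;
    start = le16(rec + 4);   /* both fields come from disk: untrusted */
    count = le16(rec + 6);   /* 16-bit values in size_t: sum cannot wrap */
    if (start + (count * 2) > size)       /* the check from the thread */
        return 0;
    if (count == 0 || count - 1 != size / SECTOR)
        return 0;            /* one sequence number + one entry per sector */
    usn = le16(rec + start);
    for (i = 0; i < count - 1; i++)       /* verify all before changing any */
        if (le16(rec + (i + 1) * SECTOR - 2) != usn)
            return 0;
    for (i = 0; i < count - 1; i++)       /* memmove: a corrupt array may overlap */
        memmove(rec + (i + 1) * SECTOR - 2, rec + start + 2 + 2 * i, 2);
    return 1;
}

/* Constructed sample: a 1024-byte record with its array at offset 0x30. */
void make_sample(uint8_t rec[1024])
{
    static const uint8_t usa[6] = { 0x01, 0x00, 0xAA, 0xBB, 0xCC, 0xDD };
    memset(rec, 0, 1024);
    rec[4] = 0x30; rec[6] = 3;             /* start = 0x30, count = 3 */
    memcpy(rec + 0x30, usa, sizeof usa);   /* sequence number + 2 saved words */
    rec[510] = 0x01; rec[1022] = 0x01;     /* sector tails carry the number */
}

int main(void)
{
    uint8_t rec[1024];
    make_sample(rec);
    rec[4] = 0xFC; rec[5] = 0x03;          /* corrupt start: 1020 + 6 > 1024 */
    return fixup_record(rec, sizeof rec);  /* 0: rejected before any access */
}
```
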