fs/hfsplus: Validate btree node size

The invalid btree node size can cause crashes when parsing the btree. The fix is to ensure the btree node size is within the valid range defined in the HFS Plus technical note, TN1150 [1]. [1] https://developer.apple.com/library/archive/technotes/tn/tn1150.html Signed-off-by: Lidong Chen <lidong.chen@oracle.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2023-05-03 17:32:17 +00:00 · 2023-05-03 17:32:17 +00:00 · 3f6b129bdc
commit 3f6b129bdc
parent 5cd59dbd06
1 changed files with 7 additions and 0 deletions
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@ -84,6 +84,9 @@ struct grub_hfsplus_catfile
 #define GRUB_HFSPLUS_FILEMODE_DIRECTORY	0040000
 #define GRUB_HFSPLUS_FILEMODE_SYMLINK	0120000

+#define HFSPLUS_BTNODE_MINSZ	(1 << 9)
+#define HFSPLUS_BTNODE_MAXSZ	(1 << 15)
+
 /* Some pre-defined file IDs.  */
 enum
  {
@ -584,6 +587,10 @@ grub_hfsplus_btree_search (struct grub_hfsplus_btree *btree,
      return 0;
    }

+  if (btree->nodesize < HFSPLUS_BTNODE_MINSZ ||
+      btree->nodesize > HFSPLUS_BTNODE_MAXSZ)
+    return grub_error (GRUB_ERR_BAD_FS, "invalid HFS+ btree node size");
+
  node = grub_malloc (btree->nodesize);
  if (! node)
    return grub_errno;