diff options
author | Grigoriy Orlov <gluk@cvs.openbsd.org> | 2001-04-13 02:39:07 +0000 |
---|---|---|
committer | Grigoriy Orlov <gluk@cvs.openbsd.org> | 2001-04-13 02:39:07 +0000 |
commit | 9bff9fb87213262bc5d1afd9333ad540d9e99c54 (patch) | |
tree | 5797ca5b1e346d54d4606ff7293258862d4b223b /sbin/dumpfs/dumpfs.c | |
parent | 5af2b89b71f9bb495e071539ea9548813c712c7c (diff) |
Fix overflow in superblock. From FreeBSD.
FreeBSD's log:
> The ffs superblock includes a 128-byte region for use by temporary
> in-core pointers to summary information. An array in this region
> (fs_csp) could overflow on filesystems with a very large number of
> cylinder groups (~16000 on i386 with 8k blocks). When this happens,
> other fields in the superblock get corrupted, and fsck refuses to
> check the filesystem.
>
> Solve this problem by replacing the fs_csp array in 'struct fs'
> with a single pointer, and add padding to keep the length of the
> 128-byte region fixed. Update the kernel and userland utilities
> to use just this single pointer.
>
> With this change, the kernel no longer makes use of the superblock
> fields 'fs_csshift' and 'fs_csmask'. Add a comment to newfs/mkfs.c
> to indicate that these fields must be calculated for compatibility
> with older kernels.
art@ ok.
Diffstat (limited to 'sbin/dumpfs/dumpfs.c')
-rw-r--r-- | sbin/dumpfs/dumpfs.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sbin/dumpfs/dumpfs.c b/sbin/dumpfs/dumpfs.c index fbd343f159e..9123aa67d42 100644 --- a/sbin/dumpfs/dumpfs.c +++ b/sbin/dumpfs/dumpfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dumpfs.c,v 1.10 1999/07/18 16:03:56 deraadt Exp $ */ +/* $OpenBSD: dumpfs.c,v 1.11 2001/04/13 02:39:06 gluk Exp $ */ /* $NetBSD: dumpfs.c,v 1.12 1997/04/26 05:41:33 lukem Exp $ */ /* @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)dumpfs.c 8.2 (Berkeley) 2/2/94"; #else -static char rcsid[] = "$OpenBSD: dumpfs.c,v 1.10 1999/07/18 16:03:56 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: dumpfs.c,v 1.11 2001/04/13 02:39:06 gluk Exp $"; #endif #endif /* not lint */ @@ -223,15 +223,15 @@ dumpfs(name) } } printf("\ncs[].cs_(nbfree,ndir,nifree,nffree):\n\t"); + afs.fs_csp = calloc(1, afs.fs_cssize); for (i = 0, j = 0; i < afs.fs_cssize; i += afs.fs_bsize, j++) { size = afs.fs_cssize - i < afs.fs_bsize ? afs.fs_cssize - i : afs.fs_bsize; - afs.fs_csp[j] = calloc(1, size); if (lseek(fd, (off_t)(fsbtodb(&afs, (afs.fs_csaddr + j * afs.fs_frag))) * dev_bsize, SEEK_SET) == (off_t)-1) goto err; - if (read(fd, afs.fs_csp[j], size) != size) + if (read(fd, (char *)afs.fs_csp + i, size) != size) goto err; } for (i = 0; i < afs.fs_ncg; i++) { |