If 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,
then 'n' will be less than 0 and the loop will terminate without storing
anything in '*t'. After the loop the uppercase string's allocation is
freed, however after it is freed it is unconditionally accessed through
'*t', which points into the freed allocation, for the purpose of NULL-
terminating the string. This leads to a use-after-free.
Fixed by only NULL-terminating the string when no error has been thrown.
Thanks for Jeffrey Bencteux for reporting this issue:
https://github.com/tuxera/ntfs-3g/issues/84
We used to always install all the manpages, but some are specific to the
'extras' enabled with the configure option '--enable-extras'.
Fixed by only installing the 'extras' manpages when '--enable-extras' is
active.
Also since this commit touches the list of manpages a bit of cleanup was
done to make sure there's only one manpage per line (helps to minimize
diffs) and also that the manpages are sorted in alphabetical order in
ntfsprogs/Makefile.am to avoid future confusion.
Thanks to user 'opty77' for reporting this issue:
https://github.com/tuxera/ntfs-3g/issues/82
When the bitmap needs extending, 'vol->free_mft_records' is incremented
by 8*8=64 records. This is due to the bitmap's initialized area being
extended 8 bytes at a time.
However the way 'vol->free_mft_records' is being initialized is that all
the bits that are currently allocated to the MFT bitmap are already
taken into account at initialization time. This leads to a value for
'vol->free_mft_records' that is larger than the actual available number
of MFT records.
For example if there are 20 used MFT records and the bitmap has a 4096
byte allocation where 16 bytes are initialized, the number of free MFT
records are ((8 * 16) - 20) + (8 * (4096 - 16)) = 32748 records
available.
If we now expand the bitmap by 8 initialized bytes, we'd be adding 64
MFT entries according to the logic in the function
'ntfs_mft_bitmap_extend_initialized'.
However we are expanding it within the bounds of the existing allocation
where there is (4096 - 16) bytes free, so they shouldn't be added at all
at this stage.
The result is that our internal accounting is that we have 32748 + 64 =
32812 available MFT records, but in reality we will have 32748 records
available all the time until we expand the allocation beyond 4096 bytes.
Fixed by incrementing 'vol->free_mft_records' when the allocation is
expanded, not when the initialized size is.
When 'remove_reparse_index', called by 'ntfs_delete_reparse_index',
fails to look up a reparse key in the index, it leaves the
'ntfs_index_context' without a populated 'INDEX_BLOCK *ib' field.
This causes 'remove_reparse_index' to fail but the index entry is then
marked dirty unconditionally in 'ntfs_index_entry_mark_dirty', called by
'ntfs_delete_reparse_index', even though 'ib' may be NULL.
The following 'ntfs_index_ctx_put' call then starts to write out the
dirty 'INDEX_BLOCK', which causes a crash.
Fixed by only marking the index block dirty in if it's non-NULL.
Thanks to Stephen Greenham <sg@solarisfire.com> for reporting this issue
and providing debug information.
Previously the creation time was filled in with seconds (obtained using
time(NULL)) but the microsecond part was left zeroed. Fixed by using
gettimeofday when available.
configure scripts need to be runnable with a POSIX-compliant /bin/sh.
On many (but not all!) systems, /bin/sh is provided by Bash, so errors
like this aren't spotted. Notably Debian defaults to /bin/sh provided
by dash which doesn't tolerate such bashisms as '=='.
This retains compatibility with bash.
Fixes configure warnings/errors like:
```
checking Windows OS... no
./configure: 13360: test: xinternal: unexpected operator
checking for pthread_create in -lpthread... yes
checking Solaris OS... no
```
Signed-off-by: Sam James <sam@gentoo.org>
Runlists with no runs are tolerated though not expected. However merging
such runlists is problematic as there is no significant vcn to examine.
So avoid merging them, and just return the other runlist.
A zero-size run is the universal way to indentify the end of a runlist,
so we must reject zero-sized runs when decompressing a runlist. A
zero-size data run is an error, and a zero-size hole is simply ignored.
Accepting --help or --version options may leave the ntfs-3g process in an
unclean state, so reject them while processing options. Also reject
them in libfuse-lite.
When copying an attribute name which contains a null, it is truncated
and this may lead to accessing non-allocated bytes when relying on the
expected name length. Such (illegal) names must therefore be rejected.
Before reading a full attribute value for internal use, its expected
length has been checked to be < 0x40000. However the allocated size
in the runlist may be much bigger as a consequence of a bug or malice.
To prevent malloc'ing excessive size, restrict the size of the last
run to read to the needed length.
When copying an attribute name which contains a null, it is truncated
and this may lead to accessing non-allocated bytes when relying on the
expected name length. Such names must therefore be rejected.
When creating a new MFT record, the former seq_no and usn are retrieved
to avoid the new one to be mistaken for the former one.
This may not be possible when the record is used for the first time
or after some bad error. In such situation use default values.
The recent detection of a truncated attribute list entry overlooked the
normal detection of the end of list. Moreover the check for name
overflow is to be done later and not needed at this stage.
Allocating clusters to the main bitmap may imply updating the bitmap
itself within a cluster not yet allocated. This can turn into endless
recursions and has to be rejected. Currently the bitmap is assumed
to be fully allocated.
The count of free clusters may be updated while mounting before it
has been initialized, which may lead to irrelevant error messages.
Moreover the count is not computed at all in some ntfsprogs utilities.
So set up a flags to avoid outputting irrelevant errors.
Make sure the used part of an index block fits into the allocated buffer.
Note : a negative size may cause overflow on 32-bit cpus.
(contributed by Rakesh Pandit)
The standard size is 2560 bytes. It can be extended for specific purposes,
but its former limit to 32 bits was unreasonable. Anyway ntfs-3g is
not committed to support non-standard situations.
Checked that attributes are [non-]resident when they have to be, and
grouped consistency checks on each of them in a dedicated function.
Consequenly request the checks where needed and remove existing index
checks.
The standard information of the MFT must be its first attribute in the
base record. If it is not accessible initially, we end up searching it
in an extent before the MFT struct is ready for that.
Erik Larsson
Sam James
Jean-Pierre André
Jean-Pierre André