fat: don't allow to mount if the FAT length == 0

commit b1b65750b8db67834482f758fc385bfa7560d228 upstream. If FAT length == 0, the image doesn't have any data. And it can be the cause of overlapping the root dir and FAT entries. Also Windows treats it as invalid format. Reported-by: syzbot+6f1624f937d9d6911e2d@syzkaller.appspotmail.com Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Marco Elver <elver@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Link: http://lkml.kernel.org/r/87r1wz8mrd.fsf@mail.parknet.co.jp Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> 2020-06-04 16:50:56 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-06-20 10:25:05 +0200
commit: 0fd0bb0dfe1d691fd52f037d91e7a3e62d97cbb6 (patch)
tree: 127ca777ddf3a7b9a9aa0d4584fbc08768fb736c /fs/fat
parent: 5f68457ed16831df9aaa4b9156d06250cf863068 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index 1df023c4c2cc..c41393e30a04 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -1512,6 +1512,12 @@ static int fat_read_bpb(struct super_block *sb, struct fat_boot_sector *b,
 		goto out;
 	}
 
+	if (bpb->fat_fat_length == 0 && bpb->fat32_length == 0) {
+		if (!silent)
+			fat_msg(sb, KERN_ERR, "bogus number of FAT sectors");
+		goto out;
+	}
+
 	error = 0;
 
 out:
author	OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>	2020-06-04 16:50:56 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-06-20 10:25:05 +0200
commit	0fd0bb0dfe1d691fd52f037d91e7a3e62d97cbb6 (patch)
tree	127ca777ddf3a7b9a9aa0d4584fbc08768fb736c /fs/fat
parent	5f68457ed16831df9aaa4b9156d06250cf863068 (diff)