From cd80a4fe611d7cb4153a6ed39d1e5052c702fb12 Mon Sep 17 00:00:00 2001
From: Patrick Wildt <patrick@blueri.se>
Date: Mon, 26 Nov 2018 15:56:57 +0100
Subject: [PATCH] fs: check FAT cluster size

The cluster size specifies how many sectors make up a cluster.  A
cluster size of zero makes no sense, as it would mean that the
cluster is made up of no sectors.  This will later lead into a
division by zero in sect_to_clust(), so better take care of that
early.

The MAX_CLUSTSIZE define can be reduced using a define to make some
room in low-memory systems.  Unfortunately, if the code reads a
filesystem with a bigger cluster size it will overflow the buffer.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
---
 fs/fat/fat.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index 4bc3030ab8..e0c076763f 100644
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -571,6 +571,17 @@ static int get_fs_info(fsdata *mydata)
 				mydata->sect_size, cur_part_info.blksz);
 		return -1;
 	}
+	if (mydata->clust_size == 0) {
+		printf("Error: FAT cluster size not set\n");
+		return -1;
+	}
+	if ((unsigned int)mydata->clust_size * mydata->sect_size >
+	    MAX_CLUSTSIZE) {
+		printf("Error: FAT cluster size too big (cs=%u, max=%u)\n",
+		       (unsigned int)mydata->clust_size * mydata->sect_size,
+		       MAX_CLUSTSIZE);
+		return -1;
+	}
 
 	if (mydata->fatsize == 32) {
 		mydata->data_begin = mydata->rootdir_sect -
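Review bot: The cluster byte size `(unsigned int)mydata->clust_size * mydata->sect_size` is written out twice, once in the comparison and once in the printf arguments, so the bound that is enforced and the value that is reported can drift apart if only one is edited later. Computing it once alongside the function's other locals, e.g. `unsigned int clust_bytes = (unsigned int)mydata->clust_size * mydata->sect_size;`, and then testing `if (clust_bytes > MAX_CLUSTSIZE) {` keeps the two in step. The field types are not visible in this hunk; the check presumably relies on both being no wider than 16 bits so that the product cannot wrap in `unsigned int` before the comparison. A short comment would make that explicit, such as `/* clust_size and sect_size are read from the filesystem; product must fit the MAX_CLUSTSIZE-sized buffers */`. get_fs_info() starts and ends outside the hunk.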
-- 
2.39.5