Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp538737ybt;
        Fri, 19 Jun 2020 07:46:43 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyY9jhDpaUUSymr95W5BgasoxRrAHbiyp68doG1ZpBkpaA15/vkDYKLSditeHO6YQvWoKr2
X-Received: by 2002:a17:906:7253:: with SMTP id n19mr4168272ejk.31.1592578003340;
        Fri, 19 Jun 2020 07:46:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1592578003; cv=none;
        d=google.com; s=arc-20160816;
        b=vR1QFyGj31xxabamYLuqIkzTeDZsQDd4pbVPQpSjhZZ74V0QsAkXlSRDwt6FZ3DW+L
         0reUT1HLq9VGlynwt274CuELS4kw5MMeDMfYTZ8kGuaHtVnhuO8dnTETdgSboXznEb1n
         8sQAMIqPfU8po+cyGHJFCv5AJt76c4VdFunDXpLaGBLJyquLaiBXSWDwiCu0sxueZxrG
         R8yvJF/mZTmXfcOIa0uDpZLGVrbW7QYkEeCfVBxhNqyMm73idYQU+J4+ZdNsevIDoTGL
         cFyI+y7vn/Yor/h8BVNNa8i4RGBcUbGJL4pqKqPj2iTaT26UTJ8L37BojgNPqgsk3Q3g
         jBuA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=wrQ31AyOhIuDU7z0p2aRp4ZjOqdCfrRjFARStE22KZU=;
        b=uIZDSOwayPrZhnn61corHzSQd6YC4airMhCgylT0ZKcy6gw3rLFIAdzSptMv6brpla
         4Xz4LuZYDdvMVCV0FZmbnOCRDF3DP1qqMrQN5qQ540imwxM6n5qRLMvv/ASgTZ14A6Xp
         icY1S68Hv/7eSZqIea+pzT/9GCZu6KwAunSf6ADLaP6xnCX1K1CP6vjpFiGKZ+tqlB+2
         O7N6G1QtzLM62ASNP9trQ3CyiYVAqhT9MREYI17pgDtms5fFnN/vxCmVVdtEOTfhx7c3
         a3eyHq9Bqjh51KogO3Lsw4XHPwPYFMwbk+0oQcTSpi0VgC4p3MMnNu6rSDCRP0Wk/aVt
         A0qw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Zlmhxmzb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l30si4815697edj.499.2020.06.19.07.46.20;
        Fri, 19 Jun 2020 07:46:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Zlmhxmzb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388277AbgFSOlf (ORCPT <rfc822;jaegeuk-test@gmail.com>
        + 99 others); Fri, 19 Jun 2020 10:41:35 -0400
Received: from mail.kernel.org ([198.145.29.99]:60092 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388265AbgFSOlb (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 Jun 2020 10:41:31 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id B000021527;
        Fri, 19 Jun 2020 14:41:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1592577691;
        bh=H5xDzHKG9GRHH4R47pWgDEYLAYfTowtEAnmIXJQZqIg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ZlmhxmzbBgBQqCy2xjWJLFb07tyd7Bhst29UnS8wJ6t5q4Bm3JhjQJUpFxUyhD3Xq
         +3cTsgWyDhS0YDZSb/L2OgTbXUdSajkr2Nx413uSlCvrQk9BsX9FGWTD67JzsoxfPY
         10Si6ldzUexdDD+BOLOlBFKToL9StYk0nVtKF5YE=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        syzbot+6f1624f937d9d6911e2d@syzkaller.appspotmail.com,
        OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>,
        Andrew Morton <akpm@linux-foundation.org>,
        Marco Elver <elver@google.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.9 049/128] fat: dont allow to mount if the FAT length == 0
Date:   Fri, 19 Jun 2020 16:32:23 +0200
Message-Id: <20200619141622.792607521@linuxfoundation.org>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200619141620.148019466@linuxfoundation.org>
References: <20200619141620.148019466@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>

commit b1b65750b8db67834482f758fc385bfa7560d228 upstream.

If FAT length == 0, the image doesn't have any data. And it can be the
cause of overlapping the root dir and FAT entries.

Also Windows treats it as invalid format.

Reported-by: syzbot+6f1624f937d9d6911e2d@syzkaller.appspotmail.com
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Marco Elver <elver@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Link: http://lkml.kernel.org/r/87r1wz8mrd.fsf@mail.parknet.co.jp
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/fat/inode.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -1512,6 +1512,12 @@ static int fat_read_bpb(struct super_blo
 		goto out;
 	}
 
+	if (bpb->fat_fat_length == 0 && bpb->fat32_length == 0) {
+		if (!silent)
+			fat_msg(sb, KERN_ERR, "bogus number of FAT sectors");
+		goto out;
+	}
+
 	error = 0;
 
 out: