mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
911 lines
25 KiB
911 lines
25 KiB
/*++
|
|
|
|
Copyright (c) 1991 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
CheckSup.c
|
|
|
|
Abstract:
|
|
|
|
This module implements check routines for Ntfs structures.
|
|
|
|
Author:
|
|
|
|
Tom Miller [TomM] 14-4-92
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "NtfsProc.h"
|
|
|
|
//
|
|
// Array for log records which require a target attribute.
|
|
// A TRUE indicates that the corresponding restart operation
|
|
// requires a target attribute.
|
|
//
|
|
|
|
BOOLEAN TargetAttributeRequired[] = {FALSE, FALSE, TRUE, TRUE,
|
|
TRUE, TRUE, TRUE, TRUE,
|
|
TRUE, TRUE, FALSE, TRUE,
|
|
TRUE, TRUE, TRUE, TRUE,
|
|
TRUE, TRUE, TRUE, TRUE,
|
|
TRUE, TRUE, TRUE, TRUE,
|
|
FALSE, FALSE, FALSE, FALSE,
|
|
TRUE, FALSE, FALSE, FALSE,
|
|
FALSE, TRUE, TRUE };
|
|
|
|
//
|
|
// Local procedure prototypes
|
|
//
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
#pragma alloc_text(PAGE, NtfsCheckAttributeRecord)
|
|
#pragma alloc_text(PAGE, NtfsCheckFileRecord)
|
|
#pragma alloc_text(PAGE, NtfsCheckIndexBuffer)
|
|
#pragma alloc_text(PAGE, NtfsCheckIndexHeader)
|
|
#pragma alloc_text(PAGE, NtfsCheckIndexRoot)
|
|
#pragma alloc_text(PAGE, NtfsCheckLogRecord)
|
|
#pragma alloc_text(PAGE, NtfsCheckRestartTable)
|
|
#endif
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckFileRecord (
|
|
IN PVCB Vcb,
|
|
IN PFILE_RECORD_SEGMENT_HEADER FileRecord,
|
|
IN PFILE_REFERENCE FileReference OPTIONAL,
|
|
OUT PULONG CorruptionHint
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Consistency check for file records.
|
|
|
|
Arguments:
|
|
|
|
Vcb - the vcb it belongs to
|
|
|
|
FileRecord - the filerecord to check
|
|
|
|
FileReference - if specified double check the sequence number and self ref.
|
|
fileref against it
|
|
|
|
CorruptionHint - hint for debugging on where corruption occured;
|
|
|
|
Return Value:
|
|
|
|
FALSE - if the file record is not valid
|
|
TRUE - if it is
|
|
|
|
--*/
|
|
{
|
|
PATTRIBUTE_RECORD_HEADER Attribute;
|
|
PFILE_RECORD_SEGMENT_HEADER EndOfFileRecord;
|
|
ULONG BytesPerFileRecordSegment = Vcb->BytesPerFileRecordSegment;
|
|
BOOLEAN StandardInformationSeen = FALSE;
|
|
ULONG BytesInOldHeader;
|
|
|
|
PAGED_CODE();
|
|
|
|
*CorruptionHint = 0;
|
|
|
|
EndOfFileRecord = Add2Ptr( FileRecord, BytesPerFileRecordSegment );
|
|
|
|
//
|
|
// Check the file record header for consistency.
|
|
//
|
|
|
|
if ((*(PULONG)FileRecord->MultiSectorHeader.Signature != *(PULONG)FileSignature)
|
|
|
|
||
|
|
|
|
((ULONG)FileRecord->MultiSectorHeader.UpdateSequenceArrayOffset >
|
|
(SEQUENCE_NUMBER_STRIDE -
|
|
(PAGE_SIZE / SEQUENCE_NUMBER_STRIDE + 1) * sizeof(USHORT)))
|
|
|
|
||
|
|
|
|
((ULONG)((FileRecord->MultiSectorHeader.UpdateSequenceArraySize - 1) * SEQUENCE_NUMBER_STRIDE) !=
|
|
BytesPerFileRecordSegment)
|
|
|
|
||
|
|
|
|
!FlagOn(FileRecord->Flags, FILE_RECORD_SEGMENT_IN_USE)) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid file record: %08lx\n", FileRecord) );
|
|
|
|
*CorruptionHint = 1;
|
|
ASSERTMSG( "Invalid resident file record\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
BytesInOldHeader = QuadAlign( sizeof( FILE_RECORD_SEGMENT_HEADER_V0 ) + (UpdateSequenceArraySize( BytesPerFileRecordSegment ) - 1) * sizeof( USHORT ));
|
|
|
|
//
|
|
// Offset bounds checks
|
|
//
|
|
|
|
if ((FileRecord->FirstFreeByte > BytesPerFileRecordSegment) ||
|
|
(FileRecord->FirstFreeByte < BytesInOldHeader) ||
|
|
|
|
(FileRecord->BytesAvailable != BytesPerFileRecordSegment) ||
|
|
|
|
(((ULONG)FileRecord->FirstAttributeOffset < BytesInOldHeader) ||
|
|
((ULONG)FileRecord->FirstAttributeOffset >
|
|
BytesPerFileRecordSegment - SIZEOF_RESIDENT_ATTRIBUTE_HEADER)) ||
|
|
|
|
(!IsQuadAligned( FileRecord->FirstAttributeOffset ))) {
|
|
|
|
*CorruptionHint = 2;
|
|
ASSERTMSG( "Out of bound offset in frs\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Optional fileref number check
|
|
//
|
|
|
|
if (ARGUMENT_PRESENT( FileReference )) {
|
|
|
|
if ((FileReference->SequenceNumber != FileRecord->SequenceNumber) ||
|
|
((FileRecord->FirstAttributeOffset > BytesInOldHeader) &&
|
|
((FileRecord->SegmentNumberHighPart != FileReference->SegmentNumberHighPart) ||
|
|
(FileRecord->SegmentNumberLowPart != FileReference->SegmentNumberLowPart)))) {
|
|
|
|
*CorruptionHint = 3;
|
|
ASSERTMSG( "Filerecord fileref doesn't match expected value\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Loop to check all of the attributes.
|
|
//
|
|
|
|
for (Attribute = NtfsFirstAttribute(FileRecord);
|
|
Attribute->TypeCode != $END;
|
|
Attribute = NtfsGetNextRecord(Attribute)) {
|
|
|
|
// if (!StandardInformationSeen &&
|
|
// (Attribute->TypeCode != $STANDARD_INFORMATION) &&
|
|
// XxEqlZero(FileRecord->BaseFileRecordSegment)) {
|
|
//
|
|
// DebugTrace( 0, 0, ("Standard Information missing: %08lx\n", Attribute) );
|
|
//
|
|
// ASSERTMSG( "Standard Information missing\n", FALSE );
|
|
// return FALSE;
|
|
// }
|
|
|
|
StandardInformationSeen = TRUE;
|
|
|
|
if (!NtfsCheckAttributeRecord( Vcb,
|
|
FileRecord,
|
|
Attribute,
|
|
FALSE,
|
|
CorruptionHint )) {
|
|
|
|
return FALSE;
|
|
}
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckAttributeRecord (
|
|
IN PVCB Vcb,
|
|
IN PFILE_RECORD_SEGMENT_HEADER FileRecord,
|
|
IN PATTRIBUTE_RECORD_HEADER Attribute,
|
|
IN ULONG CheckHeaderOnly,
|
|
IN PULONG CorruptionHint
|
|
)
|
|
|
|
{
|
|
PVOID NextAttribute;
|
|
PVOID EndOfFileRecord;
|
|
PVOID FirstFreeByte;
|
|
PVOID Data;
|
|
ULONG Length;
|
|
ULONG BytesPerFileRecordSegment = Vcb->BytesPerFileRecordSegment;
|
|
|
|
PAGED_CODE();
|
|
|
|
EndOfFileRecord = Add2Ptr( FileRecord, BytesPerFileRecordSegment );
|
|
FirstFreeByte = Add2Ptr( FileRecord, FileRecord->FirstFreeByte );
|
|
|
|
//
|
|
// Do an alignment check before creating a ptr based on this value
|
|
//
|
|
|
|
if (!IsQuadAligned( Attribute->RecordLength )) {
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 0xc;
|
|
ASSERTMSG( "Misaligned attribute length\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
NextAttribute = NtfsGetNextRecord(Attribute);
|
|
|
|
//
|
|
// Check the fixed part of the attribute record header.
|
|
//
|
|
|
|
if ((Attribute->RecordLength >= BytesPerFileRecordSegment)
|
|
|
|
||
|
|
|
|
(NextAttribute >= EndOfFileRecord)
|
|
|
|
||
|
|
|
|
(FlagOn(Attribute->NameOffset, 1) != 0)
|
|
|
|
||
|
|
|
|
((Attribute->NameLength != 0) &&
|
|
(((ULONG)Attribute->NameOffset + (ULONG)Attribute->NameLength) >
|
|
Attribute->RecordLength))) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid attribute record header: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 1;
|
|
ASSERTMSG( "Invalid attribute record header\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
if (NextAttribute > FirstFreeByte) {
|
|
*CorruptionHint = Attribute->TypeCode + 2;
|
|
ASSERTMSG( "Attributes beyond first free byte\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Check the resident attribute fields.
|
|
//
|
|
|
|
if (Attribute->FormCode == RESIDENT_FORM) {
|
|
|
|
if ((Attribute->Form.Resident.ValueLength >= Attribute->RecordLength) ||
|
|
|
|
(((ULONG)Attribute->Form.Resident.ValueOffset +
|
|
Attribute->Form.Resident.ValueLength) > Attribute->RecordLength) ||
|
|
|
|
(!IsQuadAligned( Attribute->Form.Resident.ValueOffset ))) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid resident attribute record header: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 3;
|
|
ASSERTMSG( "Invalid resident attribute record header\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Check the nonresident attribute fields
|
|
//
|
|
|
|
} else if (Attribute->FormCode == NONRESIDENT_FORM) {
|
|
|
|
VCN CurrentVcn, NextVcn;
|
|
LCN CurrentLcn;
|
|
LONGLONG Change;
|
|
PCHAR ch;
|
|
ULONG VcnBytes;
|
|
ULONG LcnBytes;
|
|
|
|
if ((Attribute->Form.Nonresident.LowestVcn >
|
|
(Attribute->Form.Nonresident.HighestVcn + 1))
|
|
|
|
||
|
|
|
|
((ULONG)Attribute->Form.Nonresident.MappingPairsOffset >=
|
|
Attribute->RecordLength)
|
|
|
|
||
|
|
|
|
(Attribute->Form.Nonresident.ValidDataLength < 0) ||
|
|
(Attribute->Form.Nonresident.FileSize < 0) ||
|
|
(Attribute->Form.Nonresident.AllocatedLength < 0)
|
|
|
|
||
|
|
|
|
(Attribute->Form.Nonresident.ValidDataLength >
|
|
Attribute->Form.Nonresident.FileSize)
|
|
|
|
||
|
|
|
|
(Attribute->Form.Nonresident.FileSize >
|
|
Attribute->Form.Nonresident.AllocatedLength)) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid nonresident attribute record header: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 4;
|
|
ASSERTMSG( "Invalid nonresident attribute record header\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
if (CheckHeaderOnly) { return TRUE; }
|
|
|
|
//
|
|
// Implement the decompression algorithm, as defined in ntfs.h.
|
|
// (This code should look remarkably similar to what goes on in
|
|
// NtfsLookupAllocation!)
|
|
//
|
|
|
|
NextVcn = Attribute->Form.Nonresident.LowestVcn;
|
|
CurrentLcn = 0;
|
|
ch = (PCHAR)Attribute + Attribute->Form.Nonresident.MappingPairsOffset;
|
|
|
|
//
|
|
// Loop to process mapping pairs, insuring we do not run off the end
|
|
// of the attribute, and that we do not map to nonexistant Lcns.
|
|
//
|
|
|
|
while (!IsCharZero(*ch)) {
|
|
|
|
//
|
|
// Set Current Vcn from initial value or last pass through loop.
|
|
//
|
|
|
|
CurrentVcn = NextVcn;
|
|
|
|
//
|
|
// Extract the counts from the two nibbles of this byte.
|
|
//
|
|
|
|
VcnBytes = *ch & 0xF;
|
|
LcnBytes = *ch++ >> 4;
|
|
|
|
//
|
|
// Neither of these should be larger than a VCN.
|
|
//
|
|
|
|
if ((VcnBytes > sizeof( VCN )) ||
|
|
(LcnBytes > sizeof( VCN ))) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid maping pair byte count: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 5;
|
|
ASSERTMSG( "Invalid maping pair byte count\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Extract the Vcn change (use of RtlCopyMemory works for little-Endian)
|
|
// and update NextVcn.
|
|
//
|
|
|
|
Change = 0;
|
|
|
|
//
|
|
// Make sure we are not going beyond the end of the attribute
|
|
// record, and that the Vcn change is not negative or zero.
|
|
//
|
|
|
|
if (((ULONG_PTR)(ch + VcnBytes + LcnBytes + 1) > (ULONG_PTR)NextAttribute)
|
|
|
|
||
|
|
|
|
IsCharLtrZero(*(ch + VcnBytes - 1))) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid maping pairs array: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 6;
|
|
ASSERTMSG( "Invalid maping pairs array\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
RtlCopyMemory( &Change, ch, VcnBytes );
|
|
ch += VcnBytes;
|
|
NextVcn = NextVcn + Change;
|
|
|
|
//
|
|
// Extract the Lcn change and update CurrentLcn.
|
|
//
|
|
|
|
Change = 0;
|
|
if (IsCharLtrZero(*(ch + LcnBytes - 1))) {
|
|
Change = Change - 1;
|
|
}
|
|
RtlCopyMemory( &Change, ch, LcnBytes );
|
|
ch += LcnBytes;
|
|
CurrentLcn = CurrentLcn + Change;
|
|
|
|
if ((LcnBytes != 0) &&
|
|
((CurrentLcn + (NextVcn - CurrentVcn) - 1) > Vcb->TotalClusters)) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid Lcn: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 7;
|
|
ASSERTMSG( "Invalid Lcn\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Finally, check HighestVcn.
|
|
//
|
|
|
|
if (NextVcn != (Attribute->Form.Nonresident.HighestVcn + 1)) {
|
|
|
|
DebugTrace( 0, 0, ("Disagreement with mapping pairs: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 8;
|
|
ASSERTMSG( "Disagreement with mapping pairs\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
} else {
|
|
|
|
DebugTrace( 0, 0, ("Invalid attribute form code: %08lx\n", Attribute) );
|
|
|
|
ASSERTMSG( "Invalid attribute form code\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Now check the attributes by type code, if they are resident. Not all
|
|
// attributes require specific checks (such as $STANDARD_INFORMATION and $DATA).
|
|
//
|
|
|
|
if (CheckHeaderOnly || !NtfsIsAttributeResident( Attribute )) {
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
Data = NtfsAttributeValue(Attribute);
|
|
Length = Attribute->Form.Resident.ValueLength;
|
|
|
|
switch (Attribute->TypeCode) {
|
|
|
|
case $FILE_NAME:
|
|
|
|
{
|
|
if ((ULONG)((PFILE_NAME)Data)->FileNameLength * sizeof( WCHAR ) >
|
|
(Length - (ULONG)sizeof(FILE_NAME) + sizeof( WCHAR ))) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid File Name attribute: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 9;
|
|
ASSERTMSG( "Invalid File Name attribute\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
break;
|
|
}
|
|
|
|
case $INDEX_ROOT:
|
|
|
|
{
|
|
return NtfsCheckIndexRoot( Vcb, (PINDEX_ROOT)Data, Length );
|
|
}
|
|
|
|
case $STANDARD_INFORMATION:
|
|
|
|
{
|
|
if (Length < sizeof( STANDARD_INFORMATION ) &&
|
|
Length != SIZEOF_OLD_STANDARD_INFORMATION)
|
|
{
|
|
DebugTrace( 0, 0, ("Invalid Standard Information attribute: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 0xa;
|
|
ASSERTMSG( "Invalid Standard Information attribute size\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
break;
|
|
}
|
|
|
|
case $ATTRIBUTE_LIST:
|
|
case $OBJECT_ID:
|
|
case $SECURITY_DESCRIPTOR:
|
|
case $VOLUME_NAME:
|
|
case $VOLUME_INFORMATION:
|
|
case $DATA:
|
|
case $INDEX_ALLOCATION:
|
|
case $BITMAP:
|
|
case $REPARSE_POINT:
|
|
case $EA_INFORMATION:
|
|
case $EA:
|
|
case $LOGGED_UTILITY_STREAM:
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
{
|
|
DebugTrace( 0, 0, ("Bad Attribute type code: %08lx\n", Attribute) );
|
|
|
|
*CorruptionHint = Attribute->TypeCode + 0xb;
|
|
ASSERTMSG( "Bad Attribute type code\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckIndexRoot (
|
|
IN PVCB Vcb,
|
|
IN PINDEX_ROOT IndexRoot,
|
|
IN ULONG AttributeSize
|
|
)
|
|
|
|
{
|
|
UCHAR ShiftValue;
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Check whether this index root uses clusters or if the cluster size is larger than
|
|
// the index block.
|
|
//
|
|
|
|
if (IndexRoot->BytesPerIndexBuffer >= Vcb->BytesPerCluster) {
|
|
|
|
ShiftValue = (UCHAR) Vcb->ClusterShift;
|
|
|
|
} else {
|
|
|
|
ShiftValue = DEFAULT_INDEX_BLOCK_BYTE_SHIFT;
|
|
}
|
|
|
|
if ((AttributeSize < sizeof(INDEX_ROOT))
|
|
|
|
||
|
|
|
|
((IndexRoot->IndexedAttributeType != $FILE_NAME) && (IndexRoot->IndexedAttributeType != $UNUSED))
|
|
|
|
||
|
|
|
|
((IndexRoot->IndexedAttributeType == $FILE_NAME) && (IndexRoot->CollationRule != COLLATION_FILE_NAME))
|
|
|
|
||
|
|
|
|
|
|
(IndexRoot->BytesPerIndexBuffer !=
|
|
BytesFromIndexBlocks( IndexRoot->BlocksPerIndexBuffer, ShiftValue ))
|
|
|
|
||
|
|
|
|
((IndexRoot->BlocksPerIndexBuffer != 1) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 2) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 4) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 8) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 16) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 32) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 64) &&
|
|
(IndexRoot->BlocksPerIndexBuffer != 128))) {
|
|
|
|
DebugTrace( 0, 0, ("Bad Index Root: %08lx\n", IndexRoot) );
|
|
|
|
ASSERTMSG( "Bad Index Root\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
return NtfsCheckIndexHeader( &IndexRoot->IndexHeader,
|
|
AttributeSize - sizeof(INDEX_ROOT) + sizeof(INDEX_HEADER) );
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckIndexBuffer (
|
|
IN PSCB Scb,
|
|
IN PINDEX_ALLOCATION_BUFFER IndexBuffer
|
|
)
|
|
|
|
{
|
|
ULONG BytesPerIndexBuffer = Scb->ScbType.Index.BytesPerIndexBuffer;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Check the index buffer for consistency.
|
|
//
|
|
|
|
if ((*(PULONG)IndexBuffer->MultiSectorHeader.Signature != *(PULONG)IndexSignature)
|
|
|
|
||
|
|
|
|
((ULONG)IndexBuffer->MultiSectorHeader.UpdateSequenceArrayOffset >
|
|
(SEQUENCE_NUMBER_STRIDE - (PAGE_SIZE / SEQUENCE_NUMBER_STRIDE + 1) * sizeof(USHORT)))
|
|
|
|
||
|
|
|
|
((ULONG)((IndexBuffer->MultiSectorHeader.UpdateSequenceArraySize - 1) * SEQUENCE_NUMBER_STRIDE) !=
|
|
BytesPerIndexBuffer)) {
|
|
|
|
DebugTrace( 0, 0, ("Invalid Index Buffer: %08lx\n", IndexBuffer) );
|
|
|
|
ASSERTMSG( "Invalid resident Index Buffer\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
return NtfsCheckIndexHeader( &IndexBuffer->IndexHeader,
|
|
BytesPerIndexBuffer -
|
|
FIELD_OFFSET(INDEX_ALLOCATION_BUFFER, IndexHeader) );
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckIndexHeader (
|
|
IN PINDEX_HEADER IndexHeader,
|
|
IN ULONG BytesAvailable
|
|
)
|
|
|
|
{
|
|
PINDEX_ENTRY IndexEntry, NextIndexEntry;
|
|
PINDEX_ENTRY EndOfIndex;
|
|
ULONG MinIndexEntry = sizeof(INDEX_ENTRY);
|
|
|
|
PAGED_CODE();
|
|
|
|
if (FlagOn(IndexHeader->Flags, INDEX_NODE)) {
|
|
|
|
MinIndexEntry += sizeof(VCN);
|
|
}
|
|
|
|
if ((IndexHeader->FirstIndexEntry > (BytesAvailable - MinIndexEntry))
|
|
|
|
||
|
|
|
|
(IndexHeader->FirstFreeByte > BytesAvailable)
|
|
|
|
||
|
|
|
|
(IndexHeader->BytesAvailable > BytesAvailable)
|
|
|
|
||
|
|
|
|
((IndexHeader->FirstIndexEntry + MinIndexEntry) > IndexHeader->FirstFreeByte)
|
|
|
|
||
|
|
|
|
(IndexHeader->FirstFreeByte > IndexHeader->BytesAvailable)) {
|
|
|
|
DebugTrace( 0, 0, ("Bad Index Header: %08lx\n", IndexHeader) );
|
|
|
|
ASSERTMSG( "Bad Index Header\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
IndexEntry = NtfsFirstIndexEntry(IndexHeader);
|
|
|
|
EndOfIndex = Add2Ptr(IndexHeader, IndexHeader->FirstFreeByte);
|
|
|
|
while (TRUE) {
|
|
|
|
NextIndexEntry = NtfsNextIndexEntry(IndexEntry);
|
|
|
|
if (((ULONG)IndexEntry->Length < MinIndexEntry)
|
|
|
|
||
|
|
|
|
(NextIndexEntry > EndOfIndex)
|
|
|
|
||
|
|
|
|
// ((ULONG)IndexEntry->AttributeLength >
|
|
// ((ULONG)IndexEntry->Length - MinIndexEntry))
|
|
//
|
|
// ||
|
|
|
|
(BooleanFlagOn(IndexEntry->Flags, INDEX_ENTRY_NODE) !=
|
|
BooleanFlagOn(IndexHeader->Flags, INDEX_NODE))) {
|
|
|
|
DebugTrace( 0, 0, ("Bad Index Entry: %08lx\n", IndexEntry) );
|
|
|
|
ASSERTMSG( "Bad Index Entry\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
if (FlagOn(IndexEntry->Flags, INDEX_ENTRY_END)) {
|
|
break;
|
|
}
|
|
IndexEntry = NextIndexEntry;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckLogRecord (
|
|
IN PNTFS_LOG_RECORD_HEADER LogRecord,
|
|
IN ULONG LogRecordLength,
|
|
IN TRANSACTION_ID TransactionId,
|
|
IN ULONG AttributeEntrySize
|
|
)
|
|
|
|
{
|
|
BOOLEAN ValidLogRecord = FALSE;
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// We make the following checks on the log record.
|
|
//
|
|
// - Minimum length must contain an NTFS_LOG_RECORD_HEADER
|
|
// - Transaction Id must be a valid value (a valid index offset)
|
|
//
|
|
// The following are values in the log record.
|
|
//
|
|
// - Redo/Undo offset must be quadaligned
|
|
// - Redo/Undo offset + length must be contained in the log record
|
|
// - Target attribute must be a valid value (either 0 or valid index offset)
|
|
// - Record offset must be quad-aligned and less than the file record size.
|
|
// - Log record size must be sufficient for Lcn's to follow.
|
|
//
|
|
// Use the separate assert messages in order to identify the error (used the same text so
|
|
// the compiler can still optimize).
|
|
//
|
|
|
|
if (LogRecordLength < sizeof( NTFS_LOG_RECORD_HEADER )) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if (TransactionId == 0) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if ((TransactionId - sizeof( RESTART_TABLE )) % sizeof( TRANSACTION_ENTRY )) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if (FlagOn( LogRecord->RedoOffset, 7 )) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if (FlagOn( LogRecord->UndoOffset, 7 )) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if ((ULONG) LogRecord->RedoOffset + LogRecord->RedoLength > LogRecordLength) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if ((LogRecord->UndoOperation != CompensationLogRecord) &&
|
|
((ULONG) LogRecord->UndoOffset + LogRecord->UndoLength > LogRecordLength)) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else if (LogRecordLength < (sizeof( NTFS_LOG_RECORD_HEADER ) +
|
|
((LogRecord->LcnsToFollow != 0) ?
|
|
(sizeof( LCN ) * (LogRecord->LcnsToFollow - 1)) :
|
|
0))) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
//
|
|
// NOTE: The next two clauses test different cases for the TargetAttribute in
|
|
// the log record. Don't add any tests after this point as the ValidLogRecord
|
|
// value is set to TRUE internally and no other checks take place.
|
|
//
|
|
|
|
} else if (LogRecord->TargetAttribute == 0) {
|
|
|
|
if (((LogRecord->RedoOperation <= UpdateRecordDataAllocation) &&
|
|
TargetAttributeRequired[LogRecord->RedoOperation]) ||
|
|
((LogRecord->UndoOperation <= UpdateRecordDataAllocation) &&
|
|
TargetAttributeRequired[LogRecord->UndoOperation])) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
} else {
|
|
|
|
ValidLogRecord = TRUE;
|
|
}
|
|
|
|
//
|
|
// Read the note above if changing this.
|
|
//
|
|
|
|
} else if ((LogRecord->RedoOperation != ForgetTransaction) &&
|
|
((LogRecord->TargetAttribute - sizeof( RESTART_TABLE )) % AttributeEntrySize)) {
|
|
|
|
ASSERTMSG( "Invalid log record\n", FALSE );
|
|
|
|
//
|
|
// Read the note above if changing this.
|
|
//
|
|
|
|
} else {
|
|
|
|
ValidLogRecord = TRUE;
|
|
}
|
|
|
|
return ValidLogRecord;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtfsCheckRestartTable (
|
|
IN PRESTART_TABLE RestartTable,
|
|
IN ULONG TableSize
|
|
)
|
|
{
|
|
ULONG ActualTableSize;
|
|
ULONG Index;
|
|
PDIRTY_PAGE_ENTRY_V0 NextEntry;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// We want to make the following checks.
|
|
//
|
|
// EntrySize - Must be less than table size and non-zero.
|
|
//
|
|
// NumberEntries - The table size must contain at least this many entries
|
|
// plus the table header.
|
|
//
|
|
// NumberAllocated - Must be less than/equal to NumberEntries
|
|
//
|
|
// FreeGoal - Must lie in the table.
|
|
//
|
|
// FirstFree
|
|
// LastFree - Must either be 0 or be on a restart entry boundary.
|
|
//
|
|
|
|
if ((RestartTable->EntrySize == 0) ||
|
|
(RestartTable->EntrySize > TableSize) ||
|
|
((RestartTable->EntrySize + sizeof( RESTART_TABLE )) > TableSize) ||
|
|
(((TableSize - sizeof( RESTART_TABLE )) / RestartTable->EntrySize) < RestartTable->NumberEntries) ||
|
|
(RestartTable->NumberAllocated > RestartTable->NumberEntries)) {
|
|
|
|
ASSERTMSG( "Invalid Restart Table sizes\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
ActualTableSize = (RestartTable->EntrySize * RestartTable->NumberEntries) +
|
|
sizeof( RESTART_TABLE );
|
|
|
|
if ((RestartTable->FirstFree > ActualTableSize) ||
|
|
(RestartTable->LastFree > ActualTableSize) ||
|
|
((RestartTable->FirstFree != 0) && (RestartTable->FirstFree < sizeof( RESTART_TABLE ))) ||
|
|
((RestartTable->LastFree != 0) && (RestartTable->LastFree < sizeof( RESTART_TABLE )))) {
|
|
|
|
ASSERTMSG( "Invalid Restart Table List Head\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Make a pass through the table verifying that each entry
|
|
// is either allocated or points to a valid offset in the
|
|
// table.
|
|
//
|
|
|
|
for (Index = 0;Index < RestartTable->NumberEntries; Index++) {
|
|
|
|
NextEntry = Add2Ptr( RestartTable,
|
|
((Index * RestartTable->EntrySize) +
|
|
sizeof( RESTART_TABLE )));
|
|
|
|
if ((NextEntry->AllocatedOrNextFree != RESTART_ENTRY_ALLOCATED) &&
|
|
(NextEntry->AllocatedOrNextFree != 0) &&
|
|
((NextEntry->AllocatedOrNextFree < sizeof( RESTART_TABLE )) ||
|
|
(((NextEntry->AllocatedOrNextFree - sizeof( RESTART_TABLE )) % RestartTable->EntrySize) != 0))) {
|
|
|
|
ASSERTMSG( "Invalid Restart Table Entry\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Walk through the list headed by the first entry to make sure none
|
|
// of the entries are currently being used.
|
|
//
|
|
|
|
for (Index = RestartTable->FirstFree; Index != 0; Index = NextEntry->AllocatedOrNextFree) {
|
|
|
|
if (Index == RESTART_ENTRY_ALLOCATED) {
|
|
|
|
ASSERTMSG( "Invalid Restart Table Free List\n", FALSE );
|
|
return FALSE;
|
|
}
|
|
|
|
NextEntry = Add2Ptr( RestartTable, Index );
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|