From 1f28f715ba14d2f3c99e016a1a9e5e710d2b6809 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20S=C5=82abo=C5=84?=
Date: Wed, 7 Feb 2024 23:02:19 +0100
Subject: [PATCH] [NTOS:FSTUB] Pack the MASTER_BOOT_RECORD structure (#6416)

Otherwise the USHORT members are aligned to 4-byte boundary space which overflows the disk sector buffer and ultimately results in crash. This can be reproduced by trying to format the USB drive with Rufus.

Also put some additional C_ASSERT checks for extra safety.
---
 ntoskrnl/fstub/fstubex.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ntoskrnl/fstub/fstubex.c b/ntoskrnl/fstub/fstubex.c
index 1904d32339a..00d4ae30fd4 100644
--- a/ntoskrnl/fstub/fstubex.c
+++ b/ntoskrnl/fstub/fstubex.c
@@ -41,6 +41,7 @@ typedef struct _EFI_PARTITION_HEADER
     ULONG SizeOfPartitionEntry; // 84
     ULONG PartitionEntryCRC32; // 88
 } EFI_PARTITION_HEADER, *PEFI_PARTITION_HEADER;
+C_ASSERT(sizeof(EFI_PARTITION_HEADER) == 92);
 #include
 
 typedef struct _EFI_PARTITION_ENTRY
@@ -52,6 +53,7 @@ typedef struct _EFI_PARTITION_ENTRY
     ULONGLONG Attributes; // 48
     WCHAR Name[0x24]; // 56
 } EFI_PARTITION_ENTRY, *PEFI_PARTITION_ENTRY;
+C_ASSERT(sizeof(EFI_PARTITION_ENTRY) == 128);
 
 typedef struct _PARTITION_TABLE_ENTRY
 {
@@ -66,7 +68,9 @@ typedef struct _PARTITION_TABLE_ENTRY
     ULONG SectorCountBeforePartition;
     ULONG PartitionSectorCount;
 } PARTITION_TABLE_ENTRY, *PPARTITION_TABLE_ENTRY;
+C_ASSERT(sizeof(PARTITION_TABLE_ENTRY) == 16);
 
+#include
 typedef struct _MASTER_BOOT_RECORD
 {
     UCHAR MasterBootRecordCodeAndData[0x1B8]; // 0
@@ -75,6 +79,8 @@ typedef struct _MASTER_BOOT_RECORD
     PARTITION_TABLE_ENTRY PartitionTable[4]; // 446
     USHORT MasterBootRecordMagic; // 510
 } MASTER_BOOT_RECORD, *PMASTER_BOOT_RECORD;
+C_ASSERT(sizeof(MASTER_BOOT_RECORD) == 512);
+#include
 
 /* Partition entry size (bytes) - FIXME: It's hardcoded as Microsoft does, but according to specs, it shouldn't be */
 #define PARTITION_ENTRY_SIZE 128
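Review bot: The new `C_ASSERT(sizeof(MASTER_BOOT_RECORD) == 512)` in the last hunk pins the total size but not the member offsets the comments promise (`PartitionTable` at 446, `MasterBootRecordMagic` at 510), and since the crash described in the message is exactly about where those members land inside the sector buffer, `C_ASSERT(FIELD_OFFSET(MASTER_BOOT_RECORD, PartitionTable) == 446);` and `C_ASSERT(FIELD_OFFSET(MASTER_BOOT_RECORD, MasterBootRecordMagic) == 510);` would make the on-disk layout explicit rather than implied. The two added `#include` directives around that struct appear here with their header names stripped; presumably they are the pack/unpack pair (`<pshpack1.h>` / `<poppack.h>`), which should be confirmed against the actual diff since the whole fix depends on them. The `C_ASSERT(sizeof(EFI_PARTITION_HEADER) == 92)` in the first hunk only holds if that struct is itself inside a packed region (92 is not a multiple of the natural ULONGLONG alignment), and that region is opened before the hunk and not visible here; the struct definition also starts outside the hunk.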