[PATCH] partitions: efi: fix GPT header size exceeding allocation size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The buffer gets allocated with the block device of size SECTOR_SIZE, but an
ill-formed GPT header_size may exceed it resulting in heap-overflow.

Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@xxxxxxxxx>
---
 common/partitions/efi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/common/partitions/efi.c b/common/partitions/efi.c
index 829360da6e..9a04b7014d 100644
--- a/common/partitions/efi.c
+++ b/common/partitions/efi.c
@@ -173,6 +173,9 @@ static int is_gpt_valid(struct block_device *blk, u64 lba,
 		goto fail;
 	}
 
+	if (le32_to_cpu((*gpt)->header_size) > bdev_logical_block_size(blk))
+		goto fail;
+
 	/* Check the GUID Partition Table CRC */
 	origcrc = le32_to_cpu((*gpt)->header_crc32);
 	(*gpt)->header_crc32 = 0;
-- 
2.43.0





[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux