libblkid: avoid non-empty recursion in EBR

This is extension to the patch 7164a1c34d18831ac61c6744ad14ce916d389b3f.

We also need to detect non-empty recursion in the EBR chain. It's
possible to create standard valid logical partitions and in the last one
points back to the EBR chain. In this case all offsets will be non-empty.

Unfortunately, it's valid to create logical partitions that are not in
the "disk order" (sorted by start offset). So link somewhere back is
valid, but this link cannot points to already existing partition
(otherwise we will see recursion).

This patch forces libblkid to ignore duplicate logical partitions, the
duplicate chain segment is interpreted as non-data segment, after 100
iterations with non-data segments it will break the loop -- no memory
is allocated in this case by the loop.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1349536
References: http://seclists.org/oss-sec/2016/q3/40
Signed-off-by: Karel Zak <kzak@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/libblkid/src/partitions/dos.c b/libblkid/src/partitions/dos.c
index e79f124f8..2a6414025 100644
--- a/libblkid/src/partitions/dos.c
+++ b/libblkid/src/partitions/dos.c
@@ -105,6 +105,13 @@ static int parse_dos_extended(blkid_probe pr, blkid_parttable tab,
 					continue;
 			}
 
+			/* Avoid recursive non-empty links, see ct_nodata counter */
+			if (blkid_partlist_get_partition_by_start(ls, abs_start)) {
+				DBG(LOWPROBE, ul_debug("#%d: EBR duplicate data partition [abs start=%u] -- ignore",
+							i + 1, abs_start));
+				continue;
+			}
+
 			par = blkid_partlist_add_partition(ls, tab, abs_start, size);
 			if (!par)
 				return -ENOMEM;