libfdisk: (gpt) care about SSIZE_MAX for read(2)

read(2) behavior is undefined if you want to read more than SSIZE_MAX bytes. Let's be paranoid and check for this... Reported-by: Ruediger Meier <sweet_f_a@gmx.de> Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2017-04-06 12:13:46 +0200
committer: Karel Zak 2017-04-06 12:13:46 +0200
commit: a8294f401f627bd6e9f918d629caebfdf4bdc9f6 (patch)
tree: 81290d4bd496ceadc35c357bccd60ff36838fb36 /libfdisk/src/gpt.c
parent: libfdisk: (gpt) make entries array size calculation more robust (diff)
download: kernel-qcow2-util-linux-a8294f401f627bd6e9f918d629caebfdf4bdc9f6.tar.gz
kernel-qcow2-util-linux-a8294f401f627bd6e9f918d629caebfdf4bdc9f6.tar.xz
kernel-qcow2-util-linux-a8294f401f627bd6e9f918d629caebfdf4bdc9f6.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/libfdisk/src/gpt.c b/libfdisk/src/gpt.c
index 047ba59c6..36198c3bd 100644
--- a/libfdisk/src/gpt.c
+++ b/libfdisk/src/gpt.c
@@ -874,6 +874,11 @@ static unsigned char *gpt_read_entries(struct fdisk_context *cxt,
 	if (gpt_sizeof_ents(header, &sz))
 		return NULL;
 
+	if (sz > (size_t) SSIZE_MAX) {
+		DBG(LABEL, ul_debug("GPT entries array too large to read()"));
+		return NULL;
+	}
+
 	ret = calloc(1, sz);
 	if (!ret)
 		return NULL;
author	Karel Zak	2017-04-06 12:13:46 +0200
committer	Karel Zak	2017-04-06 12:13:46 +0200
commit	a8294f401f627bd6e9f918d629caebfdf4bdc9f6 (patch)
tree	81290d4bd496ceadc35c357bccd60ff36838fb36 /libfdisk/src/gpt.c
parent	libfdisk: (gpt) make entries array size calculation more robust (diff)
download	kernel-qcow2-util-linux-a8294f401f627bd6e9f918d629caebfdf4bdc9f6.tar.gz kernel-qcow2-util-linux-a8294f401f627bd6e9f918d629caebfdf4bdc9f6.tar.xz kernel-qcow2-util-linux-a8294f401f627bd6e9f918d629caebfdf4bdc9f6.zip