authorKarel Zak2017-01-25 12:00:27 +0100
committerKarel Zak2017-01-25 12:00:27 +0100
commitf71b96bfa1b8ec77a26db38c7eb92fe5b7e97b47 (patch)
treea437e5aac46ee18a2fd84a24616345766fb694c7 /libfdisk/src
parentlibblkid: Fix out of bounds reads in BEFS handling (diff)
libfdisk: (gpt) add check for entries array size
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'libfdisk/src')
-rw-r--r--libfdisk/src/gpt.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/libfdisk/src/gpt.c b/libfdisk/src/gpt.c
index 464604356..b6158fb45 100644
--- a/libfdisk/src/gpt.c
+++ b/libfdisk/src/gpt.c
@@ -830,6 +830,12 @@ static struct gpt_entry *gpt_read_entries(struct fdisk_context *cxt,
sz = (ssize_t) le32_to_cpu(header->npartition_entries) *
le32_to_cpu(header->sizeof_partition_entry);
+ if (sz == 0 || sz >= UINT32_MAX ||
+ le32_to_cpu(header->sizeof_partition_entry) != sizeof(struct gpt_entry)) {
+ DBG(LABEL, ul_debug("GPT entreis array size check failed"));
+ return NULL;
+ }
+
ret = calloc(1, sz);
if (!ret)
return NULL;
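Review bot: The bound on `sz` is applied after the multiplication, so on targets where `ssize_t` is 32 bits the product of the two header fields can already have wrapped before `sz >= UINT32_MAX` is evaluated, and a wrapped value would pass the check and reach `calloc(1, sz)`. Both fields come from the GPT header read off the device, so they should be validated before they are multiplied: keep the `sizeof_partition_entry != sizeof(struct gpt_entry)` test, then bound the count with `uint32_t n = le32_to_cpu(header->npartition_entries);` and `if (n == 0 || n > UINT32_MAX / sizeof(struct gpt_entry)) return NULL;`. Even with that, a count just under the limit still asks `calloc` for close to 4 GiB, so a tighter practical cap may be worth considering. The debug string misspells "entries" as "entreis". gpt_read_entries begins and continues outside this hunk.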
@@ -2534,6 +2540,12 @@ int fdisk_gpt_set_npartitions(struct fdisk_context *cxt, uint32_t entries)
/* calculate the size (bytes) of the entries array */
new_size = entries * le32_to_cpu(gpt->pheader->sizeof_partition_entry);
+ if (new_size >= UINT32_MAX) {
+ fdisk_warnx(cxt, _("The number of the partition has be smaller than %zu."),
+ UINT32_MAX / le32_to_cpu(gpt->pheader->sizeof_partition_entry));
+ return -EINVAL;
+ }
+
old_size = old * le32_to_cpu(gpt->pheader->sizeof_partition_entry);
/* calculate new range of usable LBAs */
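Review bot: `new_size >= UINT32_MAX` probably cannot catch the overflow it targets: if `le32_to_cpu()` yields a 32-bit value, `entries * le32_to_cpu(...)` is evaluated in 32-bit unsigned arithmetic and wraps before it is stored in `new_size`, whose declaration is outside the hunk. Comparing before multiplying avoids this, e.g. `uint32_t esz = le32_to_cpu(gpt->pheader->sizeof_partition_entry);` followed by `if (esz == 0 || entries > UINT32_MAX / esz)`, which also protects the division used in the warning. The `%zu` conversion is given an argument that is not a `size_t`; cast it as `(size_t) (UINT32_MAX / esz)`. The message text should read "has to be smaller". fdisk_gpt_set_npartitions begins and continues outside this hunk.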