mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 10:48:02 +00:00
geom_part: Fix potential integer overflow when checking size of the table
`hdr_entries` and `hdr_entsz` are both uint32_t as defined in the UEFI spec. The current spec does not have an upper limit on the number of partition entries or the size of a partition entry, so it is possible that a malicious or corrupted GPT header read from an untrusted source contains a large number of entries or a large entry size.

PR: 266548
Reviewed by: oshogbo, cem, imp, markj
Approved by: kp (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36709
parent 54f3a781a2
commit 2e543af13a
|
@ -515,7 +515,8 @@ gpt_read_hdr(struct g_part_gpt_table *table, struct g_consumer *cp,
|
|||
hdr->hdr_lba_table <= hdr->hdr_lba_end)
|
||||
goto fail;
|
||||
lba = hdr->hdr_lba_table +
|
||||
howmany(hdr->hdr_entries * hdr->hdr_entsz, pp->sectorsize) - 1;
|
||||
howmany((uint64_t)hdr->hdr_entries * hdr->hdr_entsz,
|
||||
pp->sectorsize) - 1;
|
||||
if (lba >= last)
|
||||
goto fail;
|
||||
if (lba >= hdr->hdr_lba_start && lba <= hdr->hdr_lba_end)
|
||||
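Review bot: In the `lba = hdr->hdr_lba_table + howmany(...) - 1` assignment, the cast widens only the product; the addition of `hdr_lba_table` to the resulting sector count is still done without a range check in the lines shown. With both fields at their uint32_t maximum the sector count is itself very large, so unless the checks earlier in gpt_read_hdr() already bound `hdr_lba_table` well below `last`, the sum can wrap before the `lba >= last` test sees it. Consider computing the table length in sectors into its own 64-bit variable, failing if it exceeds `last - hdr->hdr_lba_table`, and only then forming `lba`. A one-line comment stating that both fields are uint32_t and that the product needs 64 bits would also keep the cast from being dropped in a later cleanup.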