Skip to content

Commit

Permalink
kbootd: fix overflow when reading gpt header
Browse files Browse the repository at this point in the history
When we read GPT header on LBA 1 we must use data allocated with a
size of LBA_SIZE.
Otherwise we may have an overflow.

Signed-off-by: Julien Masson <[email protected]>
  • Loading branch information
massonju committed Oct 5, 2023
1 parent c0db7d1 commit 9dee0bb
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions kbootd/src/part.c
Original file line number Diff line number Diff line change
Expand Up @@ -327,9 +327,9 @@ static void gpt_convert_efi_name_to_char(char *s, void *es, int n)
static int find_gpt_entry(int fd, const char *name, struct gpt_entry *gpt_e,
off_t *offset)
{
struct gpt_header gpt_hdr;
struct gpt_header *gpt_hdr;
char part[PARTNAME_SZ];
char data[LBA_SIZE];
char data[LBA_SIZE];
int ret;

/* GPT header on LBA 1 */
Expand All @@ -339,13 +339,16 @@ static int find_gpt_entry(int fd, const char *name, struct gpt_entry *gpt_e,
return ret;
}

ret = kread(fd, (char *)&gpt_hdr, LBA_SIZE);
memset(data, '\0', LBA_SIZE);
ret = kread(fd, data, LBA_SIZE);
if (ret == -1) {
log("read GPT header failed\n");
return -1;
}
gpt_hdr = (struct gpt_header *)data;

for (int i = 0; i < gpt_hdr.n_parts; i++) {
for (int i = 0; i < gpt_hdr->n_parts; i++) {
memset(data, '\0', LBA_SIZE);
ret = kread(fd, data, LBA_SIZE);
if (ret == -1) {
log("read GPT entry failed\n");
Expand Down

0 comments on commit 9dee0bb

Please sign in to comment.