From 9dee0bb347dddf72096a2c88ef62e40e7695d2f8 Mon Sep 17 00:00:00 2001
From: Julien Masson
Date: Thu, 5 Oct 2023 17:32:16 +0200
Subject: [PATCH] kbootd: fix overflow when reading gpt header

When we read GPT header on LBA 1 we must use data allocated with a size of LBA_SIZE. Otherwise we may have an overflow.

Signed-off-by: Julien Masson
---
 kbootd/src/part.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kbootd/src/part.c b/kbootd/src/part.c
index 66da6bf..e592265 100644
--- a/kbootd/src/part.c
+++ b/kbootd/src/part.c
@@ -327,9 +327,9 @@ static void gpt_convert_efi_name_to_char(char *s, void *es, int n)
 static int find_gpt_entry(int fd, const char *name, struct gpt_entry *gpt_e,
 off_t *offset)
 {
- struct gpt_header gpt_hdr;
+ struct gpt_header *gpt_hdr;
 char part[PARTNAME_SZ];
- char data[LBA_SIZE];
+ char data[LBA_SIZE];
 int ret;
 /* GPT header on LBA 1 */
@@ -339,13 +339,16 @@ static int find_gpt_entry(int fd, const char *name, struct gpt_entry *gpt_e,
 return ret;
 }
- ret = kread(fd, (char *)&gpt_hdr, LBA_SIZE);
+ memset(data, '\0', LBA_SIZE);
+ ret = kread(fd, data, LBA_SIZE);
 if (ret == -1) {
 log("read GPT header failed\n");
 return -1;
 }
+ gpt_hdr = (struct gpt_header *)data;
- for (int i = 0; i < gpt_hdr.n_parts; i++) {
+ for (int i = 0; i < gpt_hdr->n_parts; i++) {
+ memset(data, '\0', LBA_SIZE);
 ret = kread(fd, data, LBA_SIZE);
 if (ret == -1) {
 log("read GPT entry failed\n");
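Review bot: In the second hunk `gpt_hdr` now aliases `data`, and the loop right after it runs `memset(data, '\0', LBA_SIZE)` and `kread(fd, data, LBA_SIZE)` on that same buffer, so from the second iteration on the bound `gpt_hdr->n_parts` is read from partition-entry bytes instead of the GPT header. The stack overflow is fixed, but the iteration count then depends on whatever the disk holds at that offset of each entry. Keeping `struct gpt_header gpt_hdr;` as a value and filling it with `memcpy(&gpt_hdr, data, sizeof(gpt_hdr));` right after the header read (the loop condition stays `gpt_hdr.n_parts`) removes the aliasing and also avoids casting a `char` array to a struct pointer. The result of `kread` is only compared with -1, so a short read is presumably treated as a complete header; `kread` and the rest of the loop body lie outside the hunk, so that should be confirmed there.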