Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:AndreasSchwab:13.1
util-linux
util-linux-libblkid-overflow.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File util-linux-libblkid-overflow.patch of Package util-linux
Index: util-linux-2.23.2/libblkid/src/partitions/gpt.c =================================================================== --- util-linux-2.23.2.orig/libblkid/src/partitions/gpt.c +++ util-linux-2.23.2/libblkid/src/partitions/gpt.c @@ -17,6 +17,7 @@ #include <stdlib.h> #include <stdint.h> #include <stddef.h> +#include <limits.h> #include "partitions.h" #include "crc32.h" @@ -259,14 +260,17 @@ static struct gpt_header *get_gpt_header return NULL; } - /* Size of blocks with GPT entries */ - esz = le32_to_cpu(h->num_partition_entries) * - le32_to_cpu(h->sizeof_partition_entry); - if (!esz) { + if (le32_to_cpu(h->num_partition_entries) == 0 || + le32_to_cpu(h->sizeof_partition_entry) == 0 || + ULONG_MAX/le32_to_cpu(h->num_partition_entries) < le32_to_cpu(h->sizeof_partition_entry)) { DBG(LOWPROBE, blkid_debug("GPT entries undefined")); return NULL; } + /* Size of blocks with GPT entries */ + esz = le32_to_cpu(h->num_partition_entries) * + le32_to_cpu(h->sizeof_partition_entry); + /* The header seems valid, save it * (we don't care about zeros in hdr->reserved2 area) */ memcpy(hdr, h, sizeof(*h)); Index: util-linux-2.23.2/libblkid/src/probe.c =================================================================== --- util-linux-2.23.2.orig/libblkid/src/probe.c +++ util-linux-2.23.2/libblkid/src/probe.c @@ -103,6 +103,7 @@ #include <inttypes.h> #include <stdint.h> #include <stdarg.h> +#include <limits.h> #ifdef HAVE_LIBUUID # include <uuid.h> @@ -562,6 +563,12 @@ unsigned char *blkid_probe_get_buffer(bl if (blkid_llseek(pr->fd, pr->off + off, SEEK_SET) < 0) return NULL; + /* someone trying to overflow some buffers? */ + if (len >= ULONG_MAX - sizeof(struct blkid_bufinfo)) { + errno = ENOMEM; + return NULL; + } + /* allocate info and space for data by why call */ bf = calloc(1, sizeof(struct blkid_bufinfo) + len); if (!bf) Index: util-linux-2.23.2/libblkid/src/superblocks/zfs.c =================================================================== --- util-linux-2.23.2.orig/libblkid/src/superblocks/zfs.c +++ util-linux-2.23.2/libblkid/src/superblocks/zfs.c @@ -12,6 +12,7 @@ #include <errno.h> #include <ctype.h> #include <inttypes.h> +#include <limits.h> #include "superblocks.h" @@ -108,6 +109,8 @@ static void zfs_extract_guid_name(blkid_ nvs->nvs_type = be32_to_cpu(nvs->nvs_type); nvs->nvs_strlen = be32_to_cpu(nvs->nvs_strlen); + if (nvs->nvs_strlen >= UINT_MAX - sizeof(*nvs)) + break; avail -= nvs->nvs_strlen + sizeof(*nvs); nvdebug("nvstring: type %u string %*s\n", nvs->nvs_type, nvs->nvs_strlen, nvs->nvs_string);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor