File util-linux-libblkid-overflow.patch of Package util-linux.openSUSE_13.1_Update

Index: util-linux-2.23.2/libblkid/src/partitions/gpt.c
===================================================================
--- util-linux-2.23.2.orig/libblkid/src/partitions/gpt.c
+++ util-linux-2.23.2/libblkid/src/partitions/gpt.c
@@ -17,6 +17,7 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <stddef.h>
+#include <limits.h>
 
 #include "partitions.h"
 #include "crc32.h"
@@ -259,14 +260,17 @@ static struct gpt_header *get_gpt_header
 		return NULL;
 	}
 
-	/* Size of blocks with GPT entries */
-	esz = le32_to_cpu(h->num_partition_entries) *
-			le32_to_cpu(h->sizeof_partition_entry);
-	if (!esz) {
+	if (le32_to_cpu(h->num_partition_entries) == 0 ||
+	    le32_to_cpu(h->sizeof_partition_entry) == 0 ||
+	    ULONG_MAX/le32_to_cpu(h->num_partition_entries) < le32_to_cpu(h->sizeof_partition_entry)) {
 		DBG(LOWPROBE, blkid_debug("GPT entries undefined"));
 		return NULL;
 	}
 
+	/* Size of blocks with GPT entries */
+	esz = le32_to_cpu(h->num_partition_entries) *
+			le32_to_cpu(h->sizeof_partition_entry);
+
 	/* The header seems valid, save it
 	 * (we don't care about zeros in hdr->reserved2 area) */
 	memcpy(hdr, h, sizeof(*h));
Index: util-linux-2.23.2/libblkid/src/probe.c
===================================================================
--- util-linux-2.23.2.orig/libblkid/src/probe.c
+++ util-linux-2.23.2/libblkid/src/probe.c
@@ -103,6 +103,7 @@
 #include <inttypes.h>
 #include <stdint.h>
 #include <stdarg.h>
+#include <limits.h>
 
 #ifdef HAVE_LIBUUID
 # include <uuid.h>
@@ -562,6 +563,12 @@ unsigned char *blkid_probe_get_buffer(bl
 		if (blkid_llseek(pr->fd, pr->off + off, SEEK_SET) < 0)
 			return NULL;
 
+		/* someone trying to overflow some buffers? */
+		if (len >= ULONG_MAX - sizeof(struct blkid_bufinfo)) {
+			errno = ENOMEM;
+			return NULL;
+		}
+
 		/* allocate info and space for data by why call */
 		bf = calloc(1, sizeof(struct blkid_bufinfo) + len);
 		if (!bf)
Index: util-linux-2.23.2/libblkid/src/superblocks/zfs.c
===================================================================
--- util-linux-2.23.2.orig/libblkid/src/superblocks/zfs.c
+++ util-linux-2.23.2/libblkid/src/superblocks/zfs.c
@@ -12,6 +12,7 @@
 #include <errno.h>
 #include <ctype.h>
 #include <inttypes.h>
+#include <limits.h>
 
 #include "superblocks.h"
 
@@ -108,6 +109,8 @@ static void zfs_extract_guid_name(blkid_
 
 			nvs->nvs_type = be32_to_cpu(nvs->nvs_type);
 			nvs->nvs_strlen = be32_to_cpu(nvs->nvs_strlen);
+			if (nvs->nvs_strlen >= UINT_MAX - sizeof(*nvs))
+				break;
 			avail -= nvs->nvs_strlen + sizeof(*nvs);
 			nvdebug("nvstring: type %u string %*s\n", nvs->nvs_type,
 				nvs->nvs_strlen, nvs->nvs_string);