Site Navigation

Date:      Tue, 21 Jun 2011 10:35:20 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r223364 - head/sbin/geom/class/part
Message-ID:  <201106211035.p5LAZKGq091941@svn.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: ae
Date: Tue Jun 21 10:35:20 2011
New Revision: 223364
URL: http://svn.freebsd.org/changeset/base/223364

Log:
  When user specifies the bootcode with size smaller than VTOC_BOOTCODE,
  gpart_write_partcode_vtoc8 does access out of range of allocated memory.
  Check size of bootcode before writing it.
  
  Pointed out by:		ru
  MFC after:		1 week

Modified:
  head/sbin/geom/class/part/geom_part.c

Modified: head/sbin/geom/class/part/geom_part.c
==============================================================================
--- head/sbin/geom/class/part/geom_part.c	Tue Jun 21 09:19:38 2011	(r223363)
+++ head/sbin/geom/class/part/geom_part.c	Tue Jun 21 10:35:20 2011	(r223364)
@@ -1208,8 +1208,11 @@ gpart_bootcode(struct gctl_req *req, uns
 			if (idx == 0)
 				errx(EXIT_FAILURE, "missing -i option");
 			gpart_write_partcode(gp, idx, partcode, partsize);
-		} else
+		} else {
+			if (partsize != VTOC_BOOTSIZE)
+				errx(EXIT_FAILURE, "invalid bootcode");
 			gpart_write_partcode_vtoc8(gp, idx, partcode);
+		}
 	} else
 		if (bootcode == NULL)
 			errx(EXIT_FAILURE, "no -b nor -p");

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106211035.p5LAZKGq091941>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact