git: ad1f936ab7e4 - main - Reject providers with too small a size for metadata
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 20 Apr 2025 19:30:58 UTC
The branch main has been updated by imp:
URL: https://cgit.FreeBSD.org/src/commit/?id=ad1f936ab7e497926e46079de8df7407ab123213
commit ad1f936ab7e497926e46079de8df7407ab123213
Author: Rose <gfunni234@gmail.com>
AuthorDate: 2025-04-16 22:35:20 +0000
Commit: Warner Losh <imp@FreeBSD.org>
CommitDate: 2025-04-20 19:30:41 +0000
Reject providers with too small a size for metadata
Otherwise, if a misbehaving device claims a sectorsize smaller than 256, the
memcpy will overflow the allocated buffer, since sizeof(*meta) is 256.
Signed-off-by: Rose <gfunni234@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1668
---
sys/geom/raid/md_sii.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sys/geom/raid/md_sii.c b/sys/geom/raid/md_sii.c
index a340e8e49846..7019d48f42b4 100644
--- a/sys/geom/raid/md_sii.c
+++ b/sys/geom/raid/md_sii.c
@@ -921,6 +921,13 @@ g_raid_md_taste_sii(struct g_raid_md_object *md, struct g_class *mp,
mdi = (struct g_raid_md_sii_object *)md;
pp = cp->provider;
+ /* Explicitly reject providers with too small sector size */
+ if (pp->sectorsize < sizeof(struct sii_raid_conf)) {
+ G_RAID_DEBUG(1, "SiI sector size too small on %s: %u < %zu",
+ pp->name, pp->sectorsize, sizeof(struct sii_raid_conf));
+ return (G_RAID_MD_TASTE_FAIL);
+ }
+
/* Read metadata from device. */
meta = NULL;
g_topology_unlock();