git: ad1f936ab7e4 - main - Reject providers with too small a size for metadata
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 20 Apr 2025 19:30:58 UTC
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=ad1f936ab7e497926e46079de8df7407ab123213 commit ad1f936ab7e497926e46079de8df7407ab123213 Author: Rose <gfunni234@gmail.com> AuthorDate: 2025-04-16 22:35:20 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2025-04-20 19:30:41 +0000 Reject providers with too small a size for metadata Otherwise, if a misbehaving device claims a sectorsize smaller than 256, the memcpy will overflow the allocated buffer, since sizeof(*meta) is 256. Signed-off-by: Rose <gfunni234@gmail.com> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1668 --- sys/geom/raid/md_sii.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/geom/raid/md_sii.c b/sys/geom/raid/md_sii.c index a340e8e49846..7019d48f42b4 100644 --- a/sys/geom/raid/md_sii.c +++ b/sys/geom/raid/md_sii.c @@ -921,6 +921,13 @@ g_raid_md_taste_sii(struct g_raid_md_object *md, struct g_class *mp, mdi = (struct g_raid_md_sii_object *)md; pp = cp->provider; + /* Explicitly reject providers with too small sector size */ + if (pp->sectorsize < sizeof(struct sii_raid_conf)) { + G_RAID_DEBUG(1, "SiI sector size too small on %s: %u < %zu", + pp->name, pp->sectorsize, sizeof(struct sii_raid_conf)); + return (G_RAID_MD_TASTE_FAIL); + } + /* Read metadata from device. */ meta = NULL; g_topology_unlock();