svn commit: r223364 - head/sbin/geom/class/part
Andrey V. Elsukov
ae at FreeBSD.org
Tue Jun 21 10:35:20 UTC 2011
Author: ae
Date: Tue Jun 21 10:35:20 2011
New Revision: 223364
URL: http://svn.freebsd.org/changeset/base/223364
Log:
When user specifies the bootcode with size smaller than VTOC_BOOTCODE,
gpart_write_partcode_vtoc8 does access out of range of allocated memory.
Check size of bootcode before writing it.
Pointed out by: ru
MFC after: 1 week
Modified:
head/sbin/geom/class/part/geom_part.c
Modified: head/sbin/geom/class/part/geom_part.c
==============================================================================
--- head/sbin/geom/class/part/geom_part.c Tue Jun 21 09:19:38 2011 (r223363)
+++ head/sbin/geom/class/part/geom_part.c Tue Jun 21 10:35:20 2011 (r223364)
@@ -1208,8 +1208,11 @@ gpart_bootcode(struct gctl_req *req, uns
if (idx == 0)
errx(EXIT_FAILURE, "missing -i option");
gpart_write_partcode(gp, idx, partcode, partsize);
- } else
+ } else {
+ if (partsize != VTOC_BOOTSIZE)
+ errx(EXIT_FAILURE, "invalid bootcode");
gpart_write_partcode_vtoc8(gp, idx, partcode);
+ }
} else
if (bootcode == NULL)
errx(EXIT_FAILURE, "no -b nor -p");
More information about the svn-src-head
mailing list