linux/block/partitions
Alden Tondettar c5082b70ad partitions/efi: Fix integer overflow in GPT size calculation
If a GUID Partition Table claims to have more than 2**25 entries, the
calculation of the partition table size in alloc_read_gpt_entries() will
overflow a 32-bit integer and not enough space will be allocated for the
table.

Nothing seems to get written out of bounds, but later efi_partition() will
read up to 32768 bytes from a 128 byte buffer, possibly OOPSing or exposing
information to /proc/partitions and uevents.

The problem exists on both 64-bit and 32-bit platforms.

Fix the overflow and also print a meaningful debug message if the table
size is too large.

Signed-off-by: Alden Tondettar <alden.tondettar@gmail.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jens Axboe <axboe@fb.com>
2017-01-17 09:02:31 -07:00
..
acorn.c
acorn.h
aix.c
aix.h
amiga.c
amiga.h
atari.c
atari.h
check.c
check.h
cmdline.c
cmdline.h
efi.c partitions/efi: Fix integer overflow in GPT size calculation 2017-01-17 09:02:31 -07:00
efi.h
ibm.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ibm.h
karma.c
karma.h
Kconfig
ldm.c
ldm.h
mac.c
mac.h
Makefile
msdos.c
msdos.h
osf.c
osf.h
sgi.c
sgi.h
sun.c
sun.h
sysv68.c
sysv68.h
ultrix.c
ultrix.h