From b97b34887b96983be0a9251c6478ef2aad0fbe26 Mon Sep 17 00:00:00 2001
From: Julien Masson
Date: Thu, 5 Oct 2023 17:32:16 +0200
Subject: [PATCH] kbootd: fix overflow when reading gpt header
When we read GPT header on LBA 1 we must use data allocated with a size of LBA_SIZE. Otherwise we may have an overflow.
Signed-off-by: Julien Masson
---
 kbootd/src/part.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/kbootd/src/part.c b/kbootd/src/part.c
index 66da6bf..afad331 100644
--- a/kbootd/src/part.c
+++ b/kbootd/src/part.c
@@ -327,9 +327,10 @@ static void gpt_convert_efi_name_to_char(char *s, void *es, int n)
 static int find_gpt_entry(int fd, const char *name, struct gpt_entry *gpt_e,
 off_t *offset)
 {
- struct gpt_header gpt_hdr;
+ struct gpt_header *gpt_hdr;
 char part[PARTNAME_SZ];
- char data[LBA_SIZE];
+ char data_hdr[LBA_SIZE];
+ char data_part[LBA_SIZE];
 int ret;
 /* GPT header on LBA 1 */
@@ -339,19 +340,20 @@ static int find_gpt_entry(int fd, const char *name, struct gpt_entry *gpt_e,
 return ret;
 }
- ret = kread(fd, (char *)&gpt_hdr, LBA_SIZE);
+ ret = kread(fd, data_hdr, LBA_SIZE);
 if (ret == -1) {
 log("read GPT header failed\n");
 return -1;
 }
+ gpt_hdr = (struct gpt_header *)data_hdr;
- for (int i = 0; i < gpt_hdr.n_parts; i++) {
- ret = kread(fd, data, LBA_SIZE);
+ for (int i = 0; i < gpt_hdr->n_parts; i++) {
+ ret = kread(fd, data_part, LBA_SIZE);
 if (ret == -1) {
 log("read GPT entry failed\n");
 return -1;
 }
- memcpy(gpt_e, data, sizeof(struct gpt_entry));
+ memcpy(gpt_e, data_part, sizeof(struct gpt_entry));
 gpt_convert_efi_name_to_char(part, gpt_e->partition_name, PARTNAME_SZ);
 if (!strcmp(part, name)) {
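Review bot: The `gpt_hdr` pointer declared here is later aimed at `data_hdr`, a plain `char` array with no alignment guarantee for `struct gpt_header`, so the `gpt_hdr->n_parts` read in the next hunk is a misaligned, type-punned access on targets that care. Keeping the struct by value and copying into it, `struct gpt_header gpt_hdr;` with `memcpy(&gpt_hdr, data_hdr, sizeof(gpt_hdr));` after the read, matches how the entry is already taken out of `data_part` and still keeps the sector read inside an `LBA_SIZE` buffer. If the pointer form stays, a comment such as `/* gpt_hdr points into data_hdr; entries must go to data_part */` would explain why two sector buffers are needed. find_gpt_entry's body runs on past this hunk.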
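Review bot: `gpt_hdr->n_parts` drives the `for` loop straight from the on-disk sector, with no visible check that the sector is a GPT header at all, so a corrupted or tampered disk decides how many LBAs this function reads. Before the loop, the header's signature (and ideally its CRC) should be verified and the count bounded, for example `if (gpt_hdr->n_parts > GPT_MAX_PARTS) return -1;`, where `GPT_MAX_PARTS` is a placeholder for whatever limit the project defines. Both `kread` results are compared only with `-1`; if `kread` can return a short count, the tail of `data_hdr` or `data_part` is uninitialised stack, and `if (ret != LBA_SIZE)` would be the safer test. The function starts before this hunk and continues after it.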