[Bug 266562] malicious Linux LVM label can cause crash during taste

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 266562] malicious Linux LVM label can cause crash during taste"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 22 Aug 2023 09:40:14 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266562

--- Comment #6 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=c941b82e1c31a67a025c43cc7bd31f269fa62588

commit c941b82e1c31a67a025c43cc7bd31f269fa62588
Author:     Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2023-08-22 09:20:10 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2023-08-22 09:20:10 +0000

    geom_linux_lvm: Check the offset of physical volume header

    The LVM label is stored on any of the first four sectors, and the
    PV (physical volume) header is stored within the same sector following
    the LVM label. The current implementation does not fully check the
    offset of PV header, when attaching a bad formatted LVM PV the kernel
    may crash due to out-of-bounds memory read.

    PR:     266562
    Reviewed by:    jhb
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D36773

 sys/geom/linux_lvm/g_linux_lvm.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.