svn commit: r320553 - head/sys/boot/efi/libefi
Allan Jude
allanjude at FreeBSD.org
Sat Jul 1 20:25:23 UTC 2017
Author: allanjude
Date: Sat Jul 1 20:25:22 2017
New Revision: 320553
URL: https://svnweb.freebsd.org/changeset/base/320553
Log:
Integer underflow in efipart_realstrategy when I/O starts after end of disk
This fixes an integer underflow in efipart_realstrategy, which causes
crashes when an I/O operation's start point is after the end of the disk.
This can happen when trying to detect filesystems on very small disks.
This can occur if a BIOS freebsd-boot partition exists on a system when the
EFI loader is being used.
PR: 219000
Submitted by: Eric McCorkle <eric at metricspace.net>
Reviewed by: cem (previous version), tsoome (previous version)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D10559
Modified:
head/sys/boot/efi/libefi/efipart.c
Modified: head/sys/boot/efi/libefi/efipart.c
==============================================================================
--- head/sys/boot/efi/libefi/efipart.c Sat Jul 1 20:08:45 2017 (r320552)
+++ head/sys/boot/efi/libefi/efipart.c Sat Jul 1 20:25:22 2017 (r320553)
@@ -888,6 +888,7 @@ efipart_realstrategy(void *devdata, int rw, daddr_t bl
char *blkbuf;
size_t blkoff, blksz;
int error;
+ size_t diskend, readstart;
if (dev == NULL || blk < 0)
return (EINVAL);
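Review bot: `diskend` and `readstart` are declared `size_t` but hold block numbers, not byte counts, in a function whose block argument is `daddr_t`. If `d_offset` or `disk_blocks` can be wider than `size_t` on a 32-bit build, their sum would be truncated before the comparison in the next hunk. Declaring both with the same type as the block counts they are computed from avoids that. Minor style point: the declaration could be merged into the existing `size_t blkoff, blksz;` line rather than added after `int error;`.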
@@ -925,7 +926,15 @@ efipart_realstrategy(void *devdata, int rw, daddr_t bl
/* make sure we don't read past disk end */
if ((off + size) / blkio->Media->BlockSize > d_offset + disk_blocks) {
- size = d_offset + disk_blocks - off / blkio->Media->BlockSize;
+ diskend = d_offset + disk_blocks;
+ readstart = off / blkio->Media->BlockSize;
+
+ if (diskend <= readstart) {
+ *rsize = 0;
+
+ return (EIO);
+ }
+ size = diskend - readstart;
size = size * blkio->Media->BlockSize;
}
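Review bot: In the new `if (diskend <= readstart)` branch, `*rsize = 0;` dereferences `rsize` unconditionally. If any caller is allowed to pass NULL for it, this needs an `if (rsize != NULL)` guard. The enclosing test still recomputes `d_offset + disk_blocks`, so `diskend` could be assigned before the outer `if` and used in both places. The blank line between `*rsize = 0;` and `return (EIO);` can be dropped. A short comment stating that a start block at or beyond the end of the disk is rejected rather than clamped would document why the subtraction `diskend - readstart` can no longer wrap.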