Module Name: src
Committed By: martin
Date: Tue Aug 13 14:29:57 UTC 2019
Modified Files:
src/sys/arch/i386/stand/lib [netbsd-8]: bootinfo_biosgeom.c
Log Message:
Pull up following revision(s) (requested by manu in ticket #1336):
sys/arch/i386/stand/lib/bootinfo_biosgeom.c: revision 1.24
Fix buffer overflow in BIOS disk geometry collection for bootinfo
This avoids a boot-time panic on iMacs with a fusion drive, which
features both a hard drive and a solid-state drive.
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.23.6.1 \
src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c
diff -u src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c:1.23 src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c:1.23.6.1
--- src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c:1.23 Tue Jan 24 11:09:14 2017
+++ src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c Tue Aug 13 14:29:57 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: bootinfo_biosgeom.c,v 1.23 2017/01/24 11:09:14 nonaka Exp $ */
+/* $NetBSD: bootinfo_biosgeom.c,v 1.23.6.1 2019/08/13 14:29:57 martin Exp $ */
/*
* Copyright (c) 1997
@@ -60,6 +60,7 @@ void
bi_getbiosgeom(void)
{
struct btinfo_biosgeom *bibg;
+ size_t bibg_len = sizeof(*bibg);
int i, j, nvalid;
int nhd;
unsigned int cksum;
@@ -72,8 +73,8 @@ bi_getbiosgeom(void)
printf("nhd %d\n", nhd);
#endif
- bibg = alloc(sizeof(struct btinfo_biosgeom)
- + (nhd - 1) * sizeof(struct bi_biosgeom_entry));
+ bibg_len += nhd * sizeof(struct bi_biosgeom_entry);
+ bibg = alloc(bibg_len);
if (bibg == NULL)
return;
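Review bot: In `bibg_len += nhd * sizeof(struct bi_biosgeom_entry);` the `int` nhd is converted to `size_t`, so a negative count would wrap to a very large request instead of being rejected. Where nhd is read is not visible in this hunk, so it may already be bounded, but an explicit `if (nhd < 0) return;` before the size computation would make that certain. The switch from `nhd - 1` to `nhd` entries is the actual overflow fix and deserves a one-line comment at the allocation, for example `/* header plus nhd geometry entries */`. The body of bi_getbiosgeom continues outside the hunk.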
@@ -175,6 +176,8 @@ bi_getbiosgeom(void)
bibg->num = nvalid;
- BI_ADD(bibg, BTINFO_BIOSGEOM, sizeof(struct btinfo_biosgeom)
- + nvalid * sizeof(struct bi_biosgeom_entry));
+ if (nvalid < nhd)
+ bibg_len -= (nhd - nvalid) * sizeof(struct bi_biosgeom_entry);
+
+ BI_ADD(bibg, BTINFO_BIOSGEOM, bibg_len);
}
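Review bot: `bibg->num = nvalid` is stored unconditionally, while bibg_len is only corrected when `nvalid < nhd`. If the collection loop could ever leave nvalid greater than nhd, num would describe more entries than bibg_len covers and more than were allocated. That loop is outside this hunk, so this is a request to state the invariant rather than a confirmed defect. If the loop does bound it, say so next to the adjustment with a comment such as `/* loop above never yields nvalid > nhd */`. With that invariant written down, `bibg_len = sizeof(*bibg) + nvalid * sizeof(struct bi_biosgeom_entry);` would read more directly than subtracting the unused tail.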