Author: ae
Date: Tue Jun 21 10:35:20 2011
New Revision: 223364
URL: http://svn.freebsd.org/changeset/base/223364
Log:
When user specifies the bootcode with size smaller than VTOC_BOOTCODE,
gpart_write_partcode_vtoc8 does access out of range of allocated memory.
Check size of bootcode before writing it.
Pointed out by: ru
MFC after: 1 week
Modified:
head/sbin/geom/class/part/geom_part.c
Modified: head/sbin/geom/class/part/geom_part.c
==============================================================================
--- head/sbin/geom/class/part/geom_part.c Tue Jun 21 09:19:38 2011
(r223363)
+++ head/sbin/geom/class/part/geom_part.c Tue Jun 21 10:35:20 2011
(r223364)
@@ -1208,8 +1208,11 @@ gpart_bootcode(struct gctl_req *req, uns
if (idx == 0)
errx(EXIT_FAILURE, "missing -i option");
gpart_write_partcode(gp, idx, partcode, partsize);
- } else
+ } else {
+ if (partsize != VTOC_BOOTSIZE)
+ errx(EXIT_FAILURE, "invalid bootcode");
gpart_write_partcode_vtoc8(gp, idx, partcode);
+ }
} else
if (bootcode == NULL)
errx(EXIT_FAILURE, "no -b nor -p");
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
