• T
    Fix corrupted OSF partition table parsing · 1eafbfeb
    Timo Warns 提交于
    The kernel automatically evaluates partition tables of storage devices.
    The code for evaluating OSF partitions contains a bug that leaks data
    from kernel heap memory to userspace for certain corrupted OSF
    partitions.
    
    In more detail:
    
      for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) {
    
    iterates from 0 to d_npartitions - 1, where d_npartitions is read from
    the partition table without validation and partition is a pointer to an
    array of at most 8 d_partitions.
    
    Add the proper and obvious validation.
    Signed-off-by: NTimo Warns <warns@pre-sense.de>
    Cc: stable@kernel.org
    [ Changed the patch trivially to not repeat the whole le16_to_cpu()
      thing, and to use an explicit constant for the magic value '8' ]
    Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
    1eafbfeb
osf.c 1.9 KB