From: Karel Zak <kzak@redhat.com>
Date: Wed, 25 Jan 2017 11:00:27 +0000 (+0100)
Subject: libfdisk: (gpt) add check for entries array size
X-Git-Tag: v2.29.2~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0d533c6bc47796a22ba23f89778dd18fba708d16;p=thirdparty%2Futil-linux.git

libfdisk: (gpt) add check for entries array size

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/libfdisk/src/gpt.c b/libfdisk/src/gpt.c
index 4646043560..b6158fb45a 100644
--- a/libfdisk/src/gpt.c
+++ b/libfdisk/src/gpt.c
@@ -830,6 +830,12 @@ static struct gpt_entry *gpt_read_entries(struct fdisk_context *cxt,
 	sz = (ssize_t) le32_to_cpu(header->npartition_entries) *
 	     le32_to_cpu(header->sizeof_partition_entry);
 
+	if (sz == 0 || sz >= UINT32_MAX ||
+	    le32_to_cpu(header->sizeof_partition_entry) != sizeof(struct gpt_entry)) {
+		DBG(LABEL, ul_debug("GPT entreis array size check failed"));
+		return NULL;
+	}
+
 	ret = calloc(1, sz);
 	if (!ret)
 		return NULL;
@@ -2534,6 +2540,12 @@ int fdisk_gpt_set_npartitions(struct fdisk_context *cxt, uint32_t entries)
 
 	/* calculate the size (bytes) of the entries array */
 	new_size = entries * le32_to_cpu(gpt->pheader->sizeof_partition_entry);
+	if (new_size >= UINT32_MAX) {
+		fdisk_warnx(cxt, _("The number of the partition has be smaller than %zu."),
+				UINT32_MAX / le32_to_cpu(gpt->pheader->sizeof_partition_entry));
+		return -EINVAL;
+	}
+
 	old_size = old * le32_to_cpu(gpt->pheader->sizeof_partition_entry);
 
 	/* calculate new range of usable LBAs */