From: Thomas Weißschuh <thomas@t-8ch.de>
Date: Tue, 15 Aug 2023 19:25:44 +0000 (+0200)
Subject: libblkid: limit read buffer size
X-Git-Tag: v2.40-rc1~276^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=65b1f3deed1e737fd4f3c80815200c38f2409fdc;p=thirdparty%2Futil-linux.git

libblkid: limit read buffer size

Many probers read data from disk bounded by some field from the probed
disk itself.
The probers should validate the read length before using.
Add a fallback that kicks in when the proper does not check the length
epxlicitly.

See #2427
Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
---

diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c
index fdad0c2661..b05c5b58b6 100644
--- a/libblkid/src/probe.c
+++ b/libblkid/src/probe.c
@@ -688,6 +688,11 @@ const unsigned char *blkid_probe_get_buffer(blkid_probe pr, uint64_t off, uint64
 		return NULL;
 	}
 
+	if (len > 8388608 /* 8 Mib */ ) {
+		DBG(BUFFER, ul_debug("\t  too large read request (ignore)"));
+		return NULL;
+	}
+
 	if (len == 0
 	    || (!S_ISCHR(pr->mode) && (pr->size < off || pr->size < len))
 	    || (!S_ISCHR(pr->mode) && (pr->off + pr->size < real_off + len))) {