From: Karel Zak <kzak@redhat.com>
Date: Thu, 6 Apr 2017 10:13:46 +0000 (+0200)
Subject: libfdisk: (gpt) care about SSIZE_MAX for read(2)
X-Git-Tag: v2.30-rc1~133
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8294f401f627bd6e9f918d629caebfdf4bdc9f6;p=thirdparty%2Futil-linux.git

libfdisk: (gpt) care about SSIZE_MAX for read(2)

read(2) behavior is undefined if you want to read more  than SSIZE_MAX
bytes. Let's be paranoid and check for this...

Reported-by: Ruediger Meier <sweet_f_a@gmx.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/libfdisk/src/gpt.c b/libfdisk/src/gpt.c
index 047ba59c6a..36198c3bde 100644
--- a/libfdisk/src/gpt.c
+++ b/libfdisk/src/gpt.c
@@ -874,6 +874,11 @@ static unsigned char *gpt_read_entries(struct fdisk_context *cxt,
 	if (gpt_sizeof_ents(header, &sz))
 		return NULL;
 
+	if (sz > (size_t) SSIZE_MAX) {
+		DBG(LABEL, ul_debug("GPT entries array too large to read()"));
+		return NULL;
+	}
+
 	ret = calloc(1, sz);
 	if (!ret)
 		return NULL;