diff options
| author | Alden Tondettar <alden.tondettar@gmail.com> | 2017-01-15 15:31:56 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-10-08 10:14:18 +0200 |
| commit | 8e8c3d4bb62950c37f086be7d3d775b4879c30df (patch) | |
| tree | dbfad4c00c3eea712e4359de4eb9466040fa0780 /include/linux/audit.h | |
| parent | abbccd85575319472e468b009fc0816cdab7a795 (diff) | |
partitions/efi: Fix integer overflow in GPT size calculation
[ Upstream commit c5082b70adfe8e1ea1cf4a8eff92c9f260e364d2 ]
If a GUID Partition Table claims to have more than 2**25 entries, the
calculation of the partition table size in alloc_read_gpt_entries() will
overflow a 32-bit integer and not enough space will be allocated for the
table.
Nothing seems to get written out of bounds, but later efi_partition() will
read up to 32768 bytes from a 128 byte buffer, possibly OOPSing or exposing
information to /proc/partitions and uevents.
The problem exists on both 64-bit and 32-bit platforms.
Fix the overflow and also print a meaningful debug message if the table
size is too large.
Signed-off-by: Alden Tondettar <alden.tondettar@gmail.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/audit.h')
0 files changed, 0 insertions, 0 deletions