Re: [PATCH] partitions/efi: Fix integer overflow in GPT size calculation
From: Jens Axboe
Date: Tue Jan 17 2017 - 11:03:28 EST
On 01/15/2017 02:31 PM, Alden Tondettar wrote:
> If a GUID Partition Table claims to have more than 2**25 entries, the
> calculation of the partition table size in alloc_read_gpt_entries() will
> overflow a 32-bit integer and not enough space will be allocated for the
> table.
>
> Nothing seems to get written out of bounds, but later efi_partition() will
> read up to 32768 bytes from a 128 byte buffer, possibly OOPSing or exposing
> information to /proc/partitions and uevents.
>
> The problem exists on both 64-bit and 32-bit platforms.
>
> Fix the overflow and also print a meaningful debug message if the table
> size is too large.
Applied for 4.11, thanks.
--
Jens Axboe