linux/fs/partitions
Timo Warns 1eafbfeb7b Fix corrupted OSF partition table parsing
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating OSF partitions contains a bug that leaks data
from kernel heap memory to userspace for certain corrupted OSF
partitions.

In more detail:

  for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) {

iterates from 0 to d_npartitions - 1, where d_npartitions is read from
the partition table without validation and partition is a pointer to an
array of at most 8 d_partitions.

Add the proper and obvious validation.

Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: stable@kernel.org
[ Changed the patch trivially to not repeat the whole le16_to_cpu()
  thing, and to use an explicit constant for the magic value '8' ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-14 10:14:28 -07:00
acorn.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
acorn.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
amiga.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
amiga.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
atari.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
atari.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
check.c Merge branch 'for-2.6.38/event-handling' into for-2.6.38/core 2011-01-13 14:47:54 +01:00
check.h block, partition: add partition_meta_info to hd_struct 2010-09-15 16:13:18 +02:00
efi.c genhd, efi: add efi partition metadata to hd_structs 2010-09-15 16:13:28 +02:00
efi.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
ibm.c [S390] partitions: fix build error in ibm partition detection code 2010-08-13 10:06:55 +02:00
ibm.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
karma.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
karma.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
Kconfig partition: use DEFAULT_SGI_PARTITION for SGI_PARTION default 2008-02-06 10:41:08 -08:00
ldm.c ldm: corrupted partition table can cause kernel oops 2011-02-25 15:07:36 -08:00
ldm.h Update broken web addresses in the kernel. 2010-10-18 11:03:14 +02:00
mac.c fs/partitions: Validate map_count in Mac partition tables 2011-02-17 17:50:51 -08:00
mac.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
Makefile partition: add support for sysv68 partitions 2007-05-08 11:15:09 -07:00
msdos.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
msdos.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
osf.c Fix corrupted OSF partition table parsing 2011-03-14 10:14:28 -07:00
osf.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
sgi.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
sgi.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
sun.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
sun.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
sysv68.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
sysv68.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00
ultrix.c partitions: fix sometimes unreadable partition strings 2010-08-11 08:59:20 -07:00
ultrix.h block: use struct parsed_partitions *state universally in partition check code 2010-05-21 20:01:02 +02:00