diff options
| author | Timo Warns <Warns@pre-sense.de> | 2011-03-14 14:59:33 +0100 |
|---|---|---|
| committer | Willy Tarreau <w@1wt.eu> | 2012-02-11 15:37:23 +0100 |
| commit | 4409394ba19d696f04273145fc393c60b1448b80 (patch) | |
| tree | cc0a0be22ac3e5492fa59398d92bb08894957816 /drivers | |
| parent | 3ea3fe6ab5b1fe7f2ee5f1edc401b5305df5d138 (diff) | |
Fix corrupted OSF partition table parsing
commit 1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 upstream.
The kernel automatically evaluates partition tables of storage devices.
The code for evaluating OSF partitions contains a bug that leaks data
from kernel heap memory to userspace for certain corrupted OSF
partitions.
In more detail:
for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) {
iterates from 0 to d_npartitions - 1, where d_npartitions is read from
the partition table without validation and partition is a pointer to an
array of at most 8 d_partitions.
Add the proper and obvious validation.
Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: stable@kernel.org
[ Changed the patch trivially to not repeat the whole le16_to_cpu()
thing, and to use an explicit constant for the magic value '8' ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions