When user specifies the bootcode with size smaller than VTOC_BOOTCODE,

gpart_write_partcode_vtoc8 does access out of range of allocated memory. Check size of bootcode before writing it. Pointed out by: ru MFC after: 1 week
svn path=/head/; revision=223364
2011-06-21 10:35:20 +00:00 · 2011-06-21 10:35:20 +00:00 · 8fb2868c61 · 2020-12-20 02:59:44 +00:00
commit 8fb2868c61
parent f5857e2d3d
1 changed files with 4 additions and 1 deletions
--- a/sbin/geom/class/part/geom_part.c
+++ b/sbin/geom/class/part/geom_part.c
@ -1208,8 +1208,11 @@ gpart_bootcode(struct gctl_req *req, unsigned int fl)
 			if (idx == 0)
 				errx(EXIT_FAILURE, "missing -i option");
 			gpart_write_partcode(gp, idx, partcode, partsize);
-		} else
+		} else {
+			if (partsize != VTOC_BOOTSIZE)
+				errx(EXIT_FAILURE, "invalid bootcode");
 			gpart_write_partcode_vtoc8(gp, idx, partcode);
+		}
 	} else
 		if (bootcode == NULL)
 			errx(EXIT_FAILURE, "no -b nor -p");