Re: [PATCH] Ensure that the GPT header is at least the size of the structure.

Thu, 14 Feb 2013 01:14:16 -0800 

On Wed, 2013-02-13 at 18:15 -0500, Peter Jones wrote:
> UEFI 2.3.1D will include a change to the spec language mandating that a
> GPT header must be greater than *or equal to* the size of the defined
> structure.  While verifying that this would work on Linux, I discovered
> that we're not actually checking the minimum bound at all.
> 
> The result of this is that when we verify the checksum, it's possible
> that on a malformed header (with header_size of 0), we won't actually
> verify any data.
> 
> (ammended to fix type error in pr_debug())
> 
> Signed-off-by: Peter Jones <pjo...@redhat.com>
> ---
>  block/partitions/efi.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/block/partitions/efi.c b/block/partitions/efi.c
> index b62fb88..a7475e7 100644
> --- a/block/partitions/efi.c
> +++ b/block/partitions/efi.c
> @@ -310,15 +310,23 @@ static int is_gpt_valid(struct parsed_partitions 
> *state, u64 lba,
>               goto fail;
>       }
>  
> -     /* Check the GUID Partition Table header size */
> +     /* Check the GUID Partition Table header size is too big */
>       if (le32_to_cpu((*gpt)->header_size) >
>                       bdev_logical_block_size(state->bdev)) {
> -             pr_debug("GUID Partition Table Header size is wrong: %u > %u\n",
> +             pr_debug("GUID Partition Table Header size is too large: %u > 
> %u\n",
>                       le32_to_cpu((*gpt)->header_size),
>                       bdev_logical_block_size(state->bdev));
>               goto fail;
>       }
>  
> +     /* Check the GUID Partition Table header size is too small */
> +     if (le32_to_cpu((*gpt)->header_size) < sizeof(gpt_header)) {
> +             pr_debug("GUID Partition Table Header size is too small: %u < 
> %lu\n",
> +                     le32_to_cpu((*gpt)->header_size),
> +                     sizeof(gpt_header));
> +             goto fail;
> +     }
> +
>       /* Check the GUID Partition Table CRC */
>       origcrc = le32_to_cpu((*gpt)->header_crc32);
>       (*gpt)->header_crc32 = 0;

Seems straight forward.

Acked-by: Matt Fleming <matt.flem...@intel.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to