Module Name: src Committed By: manu Date: Thu Aug 1 13:11:03 UTC 2019
Modified Files: src/sys/arch/i386/stand/lib: bootinfo_biosgeom.c Log Message: Fix buffer overflow in BIOS disk geometry collect for bootinfo This spares a boot-time panic on iMac with fusion drive, which features both a hard drive and a solid-state drive. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c diff -u src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c:1.23 src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c:1.24 --- src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c:1.23 Tue Jan 24 11:09:14 2017 +++ src/sys/arch/i386/stand/lib/bootinfo_biosgeom.c Thu Aug 1 13:11:03 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bootinfo_biosgeom.c,v 1.23 2017/01/24 11:09:14 nonaka Exp $ */ +/* $NetBSD: bootinfo_biosgeom.c,v 1.24 2019/08/01 13:11:03 manu Exp $ */ /* * Copyright (c) 1997 @@ -60,6 +60,7 @@ void bi_getbiosgeom(void) { struct btinfo_biosgeom *bibg; + size_t bibg_len = sizeof(*bibg); int i, j, nvalid; int nhd; unsigned int cksum; @@ -72,8 +73,8 @@ bi_getbiosgeom(void) printf("nhd %d\n", nhd); #endif - bibg = alloc(sizeof(struct btinfo_biosgeom) - + (nhd - 1) * sizeof(struct bi_biosgeom_entry)); + bibg_len += nhd * sizeof(struct bi_biosgeom_entry); + bibg = alloc(bibg_len); if (bibg == NULL) return; @@ -175,6 +176,8 @@ bi_getbiosgeom(void) bibg->num = nvalid; - BI_ADD(bibg, BTINFO_BIOSGEOM, sizeof(struct btinfo_biosgeom) - + nvalid * sizeof(struct bi_biosgeom_entry)); + if (nvalid < nhd) + bibg_len -= (nhd - nvalid) * sizeof(struct bi_biosgeom_entry); + + BI_ADD(bibg, BTINFO_BIOSGEOM, bibg_len); }
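Review bot: In the `@@ -72,8 +73,8 @@` hunk, `nhd` is a signed `int` multiplied by a `size_t`, so a negative count would be converted to a very large unsigned value and `bibg_len` would wrap before it reaches `alloc()`. Where `nhd` comes from is outside the hunk, so whether it can be negative or implausibly large cannot be confirmed here; since it presumably reflects what the firmware reports, a guard ahead of the arithmetic such as `if (nhd < 0) return;` would keep the size computation sound regardless. A comment on the allocation, for example `/* header plus nhd entries; bibg_len is trimmed and reused as the record length below */`, would also explain why the old `- 1` is gone and discourage someone from restoring it. The body of bi_getbiosgeom starts before and continues after this hunk.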
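Review bot: The length handed to `BI_ADD` in the `@@ -175,6 +176,8 @@` hunk is only right while `nvalid <= nhd`, and nothing in the hunk enforces that. If the fill loop (outside this hunk) ever counted more entries than were allocated, `bibg->num` would advertise more entries than `bibg_len` covers, and a consumer trusting `num` could read past the record. The subtract-back form is also harder to check than stating the value directly; `bibg_len = sizeof(*bibg) + nvalid * sizeof(struct bi_biosgeom_entry);` yields the same length whenever `nvalid <= nhd`. If the loop does guarantee that bound, a one-line comment saying so next to the `if (nvalid < nhd)` test would record the invariant this code depends on.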