summaryrefslogtreecommitdiff
path: root/sys/arch/amd64/stand
diff options
context:
space:
mode:
authorKenneth R Westerback <krw@cvs.openbsd.org>2015-11-09 01:07:57 +0000
committerKenneth R Westerback <krw@cvs.openbsd.org>2015-11-09 01:07:57 +0000
commit81b5901106075a9161b29352b9af69ca6084cfe0 (patch)
tree8ed9239fe7d3c58400ee2ed4f510665ed16b54d5 /sys/arch/amd64/stand
parentd99d3b5bdf24026e253e20fa796b525080e2b36b (diff)
Bring GPT validity checking into line with kern/subr_disk.c . In
particular don't attempt to calcuate the header checksum using a size that will cause a crash. Tested & ok yasuoka@
Diffstat (limited to 'sys/arch/amd64/stand')
-rw-r--r--sys/arch/amd64/stand/efiboot/efidev.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/sys/arch/amd64/stand/efiboot/efidev.c b/sys/arch/amd64/stand/efiboot/efidev.c
index d135baf4066..21ffc9dbc49 100644
--- a/sys/arch/amd64/stand/efiboot/efidev.c
+++ b/sys/arch/amd64/stand/efiboot/efidev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: efidev.c,v 1.7 2015/11/08 00:42:39 yasuoka Exp $ */
+/* $OpenBSD: efidev.c,v 1.8 2015/11/09 01:07:56 krw Exp $ */
/*
* Copyright (c) 1996 Michael Shalayeff
@@ -253,7 +253,7 @@ findopenbsd_gpt(efi_diskinfo_t ed, const char **err)
int i, part;
uint64_t lba;
uint32_t orig_csum, new_csum;
- uint32_t ghpartsize, ghpartnum, ghpartspersec;
+ uint32_t ghsize, ghpartsize, ghpartnum, ghpartspersec;
const char openbsd_uuid_code[] = GPT_UUID_OPENBSD;
static struct uuid *openbsd_uuid = NULL, openbsd_uuid_space;
static struct gpt_partition
@@ -296,10 +296,21 @@ findopenbsd_gpt(efi_diskinfo_t ed, const char **err)
return (-1);
}
+ if (letoh32(gh.gh_rev) != GPTREVISION) {
+ *err = "bad GPT revision\n";
+ return (-1);
+ }
+
+ ghsize = letoh32(gh.gh_size);
+ if (ghsize < GPTMINHDRSIZE || ghsize > sizeof(struct gpt_header)) {
+ *err = "bad GPT header size\n";
+ return (-1);
+ }
+
/* Check checksum */
orig_csum = gh.gh_csum;
gh.gh_csum = 0;
- new_csum = crc32(0, (unsigned char *)&gh, letoh32(gh.gh_size));
+ new_csum = crc32(0, (unsigned char *)&gh, ghsize);
gh.gh_csum = orig_csum;
if (letoh32(orig_csum) != new_csum) {
*err = "bad GPT header checksum\n";