diff options
author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2015-11-09 01:07:57 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2015-11-09 01:07:57 +0000 |
commit | 81b5901106075a9161b29352b9af69ca6084cfe0 (patch) | |
tree | 8ed9239fe7d3c58400ee2ed4f510665ed16b54d5 /sys/arch/amd64/stand | |
parent | d99d3b5bdf24026e253e20fa796b525080e2b36b (diff) |
Bring GPT validity checking into line with kern/subr_disk.c . In
particular don't attempt to calcuate the header checksum using a
size that will cause a crash.
Tested & ok yasuoka@
Diffstat (limited to 'sys/arch/amd64/stand')
-rw-r--r-- | sys/arch/amd64/stand/efiboot/efidev.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/sys/arch/amd64/stand/efiboot/efidev.c b/sys/arch/amd64/stand/efiboot/efidev.c index d135baf4066..21ffc9dbc49 100644 --- a/sys/arch/amd64/stand/efiboot/efidev.c +++ b/sys/arch/amd64/stand/efiboot/efidev.c @@ -1,4 +1,4 @@ -/* $OpenBSD: efidev.c,v 1.7 2015/11/08 00:42:39 yasuoka Exp $ */ +/* $OpenBSD: efidev.c,v 1.8 2015/11/09 01:07:56 krw Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -253,7 +253,7 @@ findopenbsd_gpt(efi_diskinfo_t ed, const char **err) int i, part; uint64_t lba; uint32_t orig_csum, new_csum; - uint32_t ghpartsize, ghpartnum, ghpartspersec; + uint32_t ghsize, ghpartsize, ghpartnum, ghpartspersec; const char openbsd_uuid_code[] = GPT_UUID_OPENBSD; static struct uuid *openbsd_uuid = NULL, openbsd_uuid_space; static struct gpt_partition @@ -296,10 +296,21 @@ findopenbsd_gpt(efi_diskinfo_t ed, const char **err) return (-1); } + if (letoh32(gh.gh_rev) != GPTREVISION) { + *err = "bad GPT revision\n"; + return (-1); + } + + ghsize = letoh32(gh.gh_size); + if (ghsize < GPTMINHDRSIZE || ghsize > sizeof(struct gpt_header)) { + *err = "bad GPT header size\n"; + return (-1); + } + /* Check checksum */ orig_csum = gh.gh_csum; gh.gh_csum = 0; - new_csum = crc32(0, (unsigned char *)&gh, letoh32(gh.gh_size)); + new_csum = crc32(0, (unsigned char *)&gh, ghsize); gh.gh_csum = orig_csum; if (letoh32(orig_csum) != new_csum) { *err = "bad GPT header checksum\n"; |