diff options
| -rw-r--r-- | sys/kern/subr_disk.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/sys/kern/subr_disk.c b/sys/kern/subr_disk.c index 299433419de..9b224dcd94f 100644 --- a/sys/kern/subr_disk.c +++ b/sys/kern/subr_disk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_disk.c,v 1.171 2014/11/03 03:08:00 deraadt Exp $ */ +/* $OpenBSD: subr_disk.c,v 1.172 2014/11/03 16:55:21 tedu Exp $ */ /* $NetBSD: subr_disk.c,v 1.17 1996/03/16 23:17:08 christos Exp $ */ /* @@ -647,6 +647,11 @@ readgptlabel(struct buf *bp, void (*strat)(struct buf *), */ for (part_blkno = GPTSECTOR; ; part_blkno = gh.gh_lba_alt, altheader = 1) { + uint32_t ghsize; + uint32_t ghpartsize; + uint32_t ghpartnum; + size_t gpsz; + /* read header record */ bp->b_blkno = DL_BLKTOSEC(lp, part_blkno) * DL_BLKSPERSEC(lp); offset = DL_BLKOFFSET(lp, part_blkno); @@ -665,6 +670,10 @@ readgptlabel(struct buf *bp, void (*strat)(struct buf *), } bcopy(bp->b_data + offset, &gh, sizeof(gh)); + ghsize = letoh32(gh.gh_size); + ghpartsize = letoh32(gh.gh_part_size); + ghpartnum = letoh32(gh.gh_part_num); + if (letoh64(gh.gh_sig) != GPTSIGNATURE) return (EINVAL); @@ -693,8 +702,7 @@ readgptlabel(struct buf *bp, void (*strat)(struct buf *), * Header size must be greater than or equal to 92 and less * than or equal to the logical block size. */ - if (letoh32(gh.gh_size) < GPTMINHDRSIZE - && letoh32(gh.gh_size) > DEV_BSIZE) + if (ghsize < GPTMINHDRSIZE && ghsize > DEV_BSIZE) return (EINVAL); if (letoh64(gh.gh_lba_start) >= DL_GETDSIZE(lp) || @@ -706,8 +714,8 @@ readgptlabel(struct buf *bp, void (*strat)(struct buf *), * Size per partition entry shall be 128*(2**n) with n >= 0. * We don't support partition entries larger than block size. */ - if (letoh32(gh.gh_part_size) % GPTMINPARTSIZE - || letoh32(gh.gh_part_size) > DEV_BSIZE + if (ghpartsize % GPTMINPARTSIZE + || ghpartsize > DEV_BSIZE || GPT_PARTSPERSEC(&gh) == 0) { DPRINTF("invalid partition size\n"); return (EINVAL); @@ -721,16 +729,16 @@ readgptlabel(struct buf *bp, void (*strat)(struct buf *), } /* read GPT partition entry array */ - gpsz = letoh32(gh.gh_part_num) * sizeof(struct gpt_partition); - gp = malloc(gpsz, M_DEVBUF, M_NOWAIT|M_ZERO); + gp = mallocarray(ghpartnum, sizeof(struct gpt_partition), M_DEVBUF, M_NOWAIT|M_ZERO); if (gp == NULL) return (ENOMEM); + gpsz = ghpartnum * sizeof(struct gpt_partition); /* * XXX: Fails if # of partition entries is no multiple of * GPT_PARTSPERSEC(&gh) */ - for (i = 0; i < letoh32(gh.gh_part_num) / GPT_PARTSPERSEC(&gh); + for (i = 0; i < ghpartnum / GPT_PARTSPERSEC(&gh); i++) { part_blkno = letoh64(gh.gh_part_lba) + i; /* read partition record */ |