3027 installgrub can segfault when encountering bogus data on disk


  90                         if (!(mboot->flags & BB_MBOOT_AOUT_FLAG)) {
  91                                 BOOT_DEBUG("multiboot structure found, but no "
  92                                     "AOUT kludge specified, skipping.\n");
  93                                 continue;
  94                         } else {
  95                                 /* proper multiboot structure found. */
  96                                 *mboot_off = i;
  97                                 return (BC_SUCCESS);
  98                         }
  99                 }
 100         }
 101 
 102         return (BC_ERROR);
 103 }
 104 
 105 /*
 106  * Given a pointer to the extra information area (a sequence of bb_header_ext_t
 107  * + payload chunks), find the extended information structure.
 108  */
 109 bblk_einfo_t *
 110 find_einfo(char *extra)
 111 {
 112         bb_header_ext_t         *ext_header;
 113         bblk_einfo_t            *einfo;
 114         uint32_t                cksum;
 115 
 116         assert(extra != NULL);
 117 
 118         ext_header = (bb_header_ext_t *)extra;






 119         cksum = compute_checksum(extra + sizeof (bb_header_ext_t),
 120             ext_header->size);
 121         BOOT_DEBUG("Extended information header checksum is %x\n", cksum);
 122 
 123         if (cksum != ext_header->checksum) {
 124                 BOOT_DEBUG("Unable to find extended versioning information, "
 125                     "data looks corrupted\n");
 126                 return (NULL);
 127         }
 128 
 129         /*
 130          * Currently we only have one extra header so it must be encapsulating
 131          * the extended information structure.
 132          */
 133         einfo = (bblk_einfo_t *)(extra + sizeof (bb_header_ext_t));
 134         if (memcmp(einfo->magic, EINFO_MAGIC, EINFO_MAGIC_SIZE) != 0) {
 135                 BOOT_DEBUG("Unable to read stage2 extended versioning "
 136                     "information, wrong magic identifier\n");
 137                 BOOT_DEBUG("Found %s, expected %s\n", einfo->magic,
 138                     EINFO_MAGIC);




  90                         if (!(mboot->flags & BB_MBOOT_AOUT_FLAG)) {
  91                                 BOOT_DEBUG("multiboot structure found, but no "
  92                                     "AOUT kludge specified, skipping.\n");
  93                                 continue;
  94                         } else {
  95                                 /* proper multiboot structure found. */
  96                                 *mboot_off = i;
  97                                 return (BC_SUCCESS);
  98                         }
  99                 }
 100         }
 101 
 102         return (BC_ERROR);
 103 }
 104 
 105 /*
 106  * Given a pointer to the extra information area (a sequence of bb_header_ext_t
 107  * + payload chunks), find the extended information structure.
 108  */
 109 bblk_einfo_t *
 110 find_einfo(char *extra, uint32_t size)
 111 {
 112         bb_header_ext_t         *ext_header;
 113         bblk_einfo_t            *einfo;
 114         uint32_t                cksum;
 115 
 116         assert(extra != NULL);
 117 
 118         ext_header = (bb_header_ext_t *)extra;
 119         if (ext_header->size > size) {
 120                 BOOT_DEBUG("Unable to find extended versioning information, "
 121                     "data size too big\n");
 122                 return (NULL);
 123         }
 124 
 125         cksum = compute_checksum(extra + sizeof (bb_header_ext_t),
 126             ext_header->size);
 127         BOOT_DEBUG("Extended information header checksum is %x\n", cksum);
 128 
 129         if (cksum != ext_header->checksum) {
 130                 BOOT_DEBUG("Unable to find extended versioning information, "
 131                     "data looks corrupted\n");
 132                 return (NULL);
 133         }
 134 
 135         /*
 136          * Currently we only have one extra header so it must be encapsulating
 137          * the extended information structure.
 138          */
 139         einfo = (bblk_einfo_t *)(extra + sizeof (bb_header_ext_t));
 140         if (memcmp(einfo->magic, EINFO_MAGIC, EINFO_MAGIC_SIZE) != 0) {
 141                 BOOT_DEBUG("Unable to read stage2 extended versioning "
 142                     "information, wrong magic identifier\n");
 143                 BOOT_DEBUG("Found %s, expected %s\n", einfo->magic,
 144                     EINFO_MAGIC);
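Review bot: The new guard at new line 119 compares `ext_header->size` with `size`, but the checksum at line 125 starts at `extra + sizeof (bb_header_ext_t)`, so if `size` is the length of the whole extra area (the callers are outside this hunk, so that is an assumption) a bogus on-disk size can still run the read up to one header length past the buffer, and `ext_header->size` is itself read before anything shows the area holds a full header. A guard covering both would be `if (size < sizeof (bb_header_ext_t) || ext_header->size > size - sizeof (bb_header_ext_t))`. The payload is then cast to `bblk_einfo_t` and `einfo->magic` is compared at line 140 without a check that `ext_header->size >= sizeof (bblk_einfo_t)`, so a short chunk whose checksum happens to match still reaches that access. On the mismatch path, line 143 prints `einfo->magic` with `%s`; with corrupt data the field may have no terminator, and `%.*s` with `EINFO_MAGIC_SIZE` would bound the read. find_einfo's body continues past the end of the hunk.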