3027 installgrub can segfault when encountering bogus data on disk

@@ -105,19 +105,25 @@
 /*
  * Given a pointer to the extra information area (a sequence of bb_header_ext_t
  * + payload chunks), find the extended information structure.
  */
 bblk_einfo_t *
-find_einfo(char *extra)
+find_einfo(char *extra, uint32_t size)
 {
         bb_header_ext_t         *ext_header;
         bblk_einfo_t            *einfo;
         uint32_t                cksum;
 
         assert(extra != NULL);
 
         ext_header = (bb_header_ext_t *)extra;
+        if (ext_header->size > size) {
+                BOOT_DEBUG("Unable to find extended versioning information, "
+                    "data size too big\n");
+                return (NULL);
+        }
+
         cksum = compute_checksum(extra + sizeof (bb_header_ext_t),
             ext_header->size);
         BOOT_DEBUG("Extended information header checksum is %x\n", cksum);
 
         if (cksum != ext_header->checksum) {
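Review bot: The new bound in find_einfo checks only the payload length, `ext_header->size > size`, but the checksum call that follows reads `ext_header->size` bytes starting at `extra + sizeof (bb_header_ext_t)`. If `size` is the length of the whole extra area (the callers are not visible here, so this is an assumption), on-disk data with `ext_header->size` close to `size` still lets compute_checksum read up to `sizeof (bb_header_ext_t)` bytes past the buffer. A `size` smaller than the header would also make the `ext_header->size` load itself out of bounds. Consider `if (size < sizeof (bb_header_ext_t) || ext_header->size > size - sizeof (bb_header_ext_t)) {`, and have the block comment above the function say whether `size` includes the header. The function body continues past the end of this hunk, so later uses of `einfo` are not covered by this note.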