3027 installgrub can segfault when encountering bogus data on disk

*** 250,259 **** --- 250,261 ---- bblock->file = bblock->buf; bblock->mboot_off = mboot_off; bblock->mboot = (multiboot_header_t *)(bblock->buf + bblock->mboot_off + BBLK_DATA_RSVD_SIZE); bblock->extra = (char *)bblock->mboot + sizeof (multiboot_header_t); + bblock->extra_size = bblock->buf_size - bblock->mboot_off + - BBLK_DATA_RSVD_SIZE - sizeof (multiboot_header_t); return (BC_SUCCESS); } static boolean_t is_update_necessary(ib_data_t *data, char *updt_str)
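Review bot: The new `extra_size` subtraction has no lower-bound check, so if `buf_size` is smaller than `mboot_off + BBLK_DATA_RSVD_SIZE + sizeof (multiboot_header_t)` the result wraps to a very large value (assuming these fields are unsigned, which the hunk does not show). In that case the bound handed to `find_einfo` at the three updated call sites would no longer constrain anything. Because the offset and buffer size presumably come from data read off the disk, I would guard the assignment with `if (bblock->buf_size < bblock->mboot_off + BBLK_DATA_RSVD_SIZE + sizeof (multiboot_header_t))` and return the function's existing failure code after releasing the buffer. The enclosing function starts above the hunk, so an earlier check may already cover this; if it does, a one-line comment saying so next to the subtraction would help.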
*** 277,287 **** if (read_bootblock_from_disk(dev_fd, &bblock_disk) != BC_SUCCESS) { BOOT_DEBUG("Unable to read bootblock from %s\n", device->path); return (B_TRUE); } ! einfo = find_einfo(bblock_disk.extra); if (einfo == NULL) { BOOT_DEBUG("No extended information available\n"); return (B_TRUE); } --- 279,289 ---- if (read_bootblock_from_disk(dev_fd, &bblock_disk) != BC_SUCCESS) { BOOT_DEBUG("Unable to read bootblock from %s\n", device->path); return (B_TRUE); } ! einfo = find_einfo(bblock_disk.extra, bblock_disk.extra_size); if (einfo == NULL) { BOOT_DEBUG("No extended information available\n"); return (B_TRUE); }
*** 714,724 **** "found\n")); retval = BC_NOEINFO; goto out_dev; } ! einfo = find_einfo(bblock->extra); if (einfo == NULL) { retval = BC_NOEINFO; (void) fprintf(stderr, gettext("No extended information " "found\n")); goto out_dev; --- 716,726 ---- "found\n")); retval = BC_NOEINFO; goto out_dev; } ! einfo = find_einfo(bblock->extra, bblock->extra_size); if (einfo == NULL) { retval = BC_NOEINFO; (void) fprintf(stderr, gettext("No extended information " "found\n")); goto out_dev;
*** 815,825 **** " the bootblock\n", curr_device->path); retval = BC_NOEXTRA; goto out_devs; } ! einfo_curr = find_einfo(bblock_curr->extra); if (einfo_curr != NULL) updt_str = einfo_get_string(einfo_curr); retval = propagate_bootblock(&curr_data, &attach_data, updt_str); cleanup_bootblock(bblock_curr); --- 817,827 ---- " the bootblock\n", curr_device->path); retval = BC_NOEXTRA; goto out_devs; } ! einfo_curr = find_einfo(bblock_curr->extra, bblock_curr->extra_size); if (einfo_curr != NULL) updt_str = einfo_get_string(einfo_curr); retval = propagate_bootblock(&curr_data, &attach_data, updt_str); cleanup_bootblock(bblock_curr);
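Review bot: `einfo_get_string(einfo_curr)` still receives only the pointer, so the bound added to `find_einfo` protects this call only if `find_einfo` also validates the string's offset and length fields against `extra_size`. Its body is not shown on this page, so that is worth confirming. If it checks only that the header fits, a corrupt length on disk could still take `einfo_get_string` past the end of the buffer, and the resulting `updt_str` is handed on to `propagate_bootblock`. A short comment at this call such as `/* find_einfo() has bounds-checked the string against extra_size */` would record the dependency. The enclosing function starts and ends outside the hunk.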