illumos-3027-webrev-2 Cdiff usr/src/cmd/boot/installboot/installboot.c

Print this page

3027 installgrub can segfault when encountering bogus data on disk


*** 250,259 ****
--- 250,261 ----
          bblock->file = bblock->buf;
          bblock->mboot_off = mboot_off;
          bblock->mboot = (multiboot_header_t *)(bblock->buf + bblock->mboot_off
              + BBLK_DATA_RSVD_SIZE);
          bblock->extra = (char *)bblock->mboot + sizeof (multiboot_header_t);
+         bblock->extra_size = bblock->buf_size - bblock->mboot_off
+             - BBLK_DATA_RSVD_SIZE - sizeof (multiboot_header_t);
          return (BC_SUCCESS);
  }
  
  static boolean_t
  is_update_necessary(ib_data_t *data, char *updt_str)
*** 277,287 ****
          if (read_bootblock_from_disk(dev_fd, &bblock_disk) != BC_SUCCESS) {
                  BOOT_DEBUG("Unable to read bootblock from %s\n", device->path);
                  return (B_TRUE);
          }
  
!         einfo = find_einfo(bblock_disk.extra);
          if (einfo == NULL) {
                  BOOT_DEBUG("No extended information available\n");
                  return (B_TRUE);
          }
  
--- 279,289 ----
          if (read_bootblock_from_disk(dev_fd, &bblock_disk) != BC_SUCCESS) {
                  BOOT_DEBUG("Unable to read bootblock from %s\n", device->path);
                  return (B_TRUE);
          }
  
!         einfo = find_einfo(bblock_disk.extra, bblock_disk.extra_size);
          if (einfo == NULL) {
                  BOOT_DEBUG("No extended information available\n");
                  return (B_TRUE);
          }
  
*** 714,724 ****
                      "found\n"));
                  retval = BC_NOEINFO;
                  goto out_dev;
          }
  
!         einfo = find_einfo(bblock->extra);
          if (einfo == NULL) {
                  retval = BC_NOEINFO;
                  (void) fprintf(stderr, gettext("No extended information "
                      "found\n"));
                  goto out_dev;
--- 716,726 ----
                      "found\n"));
                  retval = BC_NOEINFO;
                  goto out_dev;
          }
  
!         einfo = find_einfo(bblock->extra, bblock->extra_size);
          if (einfo == NULL) {
                  retval = BC_NOEINFO;
                  (void) fprintf(stderr, gettext("No extended information "
                      "found\n"));
                  goto out_dev;
*** 815,825 ****
                      " the bootblock\n", curr_device->path);
                  retval = BC_NOEXTRA;
                  goto out_devs;
          }
  
!         einfo_curr = find_einfo(bblock_curr->extra);
          if (einfo_curr != NULL)
                  updt_str = einfo_get_string(einfo_curr);
  
          retval = propagate_bootblock(&curr_data, &attach_data, updt_str);
          cleanup_bootblock(bblock_curr);
--- 817,827 ----
                      " the bootblock\n", curr_device->path);
                  retval = BC_NOEXTRA;
                  goto out_devs;
          }
  
!         einfo_curr = find_einfo(bblock_curr->extra, bblock_curr->extra_size);
          if (einfo_curr != NULL)
                  updt_str = einfo_get_string(einfo_curr);
  
          retval = propagate_bootblock(&curr_data, &attach_data, updt_str);
          cleanup_bootblock(bblock_curr);