3027 installgrub can segfault when encountering bogus data on disk
@@ -250,10 +250,12 @@
bblock->file = bblock->buf;
bblock->mboot_off = mboot_off;
bblock->mboot = (multiboot_header_t *)(bblock->buf + bblock->mboot_off
+ BBLK_DATA_RSVD_SIZE);
bblock->extra = (char *)bblock->mboot + sizeof (multiboot_header_t);
+ bblock->extra_size = bblock->buf_size - bblock->mboot_off
+ - BBLK_DATA_RSVD_SIZE - sizeof (multiboot_header_t);
return (BC_SUCCESS);
}
static boolean_t
is_update_necessary(ib_data_t *data, char *updt_str)
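Review bot: The new `extra_size` assignment subtracts `mboot_off`, `BBLK_DATA_RSVD_SIZE` and `sizeof (multiboot_header_t)` from `buf_size` without first checking that the buffer is at least that large. The field types are not visible here, but if they are unsigned, a short or corrupted on-disk bootblock would make the result wrap to a very large value, and the length now passed to `find_einfo()` at the three call sites in the later hunks would no longer bound anything. I would guard the assignment with `if (bblock->buf_size < bblock->mboot_off + BBLK_DATA_RSVD_SIZE + sizeof (multiboot_header_t))` and leave through the function's existing failure path, including whatever buffer cleanup the earlier error returns perform. A short comment such as `/* bytes available from extra to the end of buf */` on the assignment would also make the contract with `find_einfo()` explicit. The enclosing function starts above this hunk, so an earlier check on `mboot_off` may already cover part of this.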
@@ -277,11 +279,11 @@
if (read_bootblock_from_disk(dev_fd, &bblock_disk) != BC_SUCCESS) {
BOOT_DEBUG("Unable to read bootblock from %s\n", device->path);
return (B_TRUE);
}
- einfo = find_einfo(bblock_disk.extra);
+ einfo = find_einfo(bblock_disk.extra, bblock_disk.extra_size);
if (einfo == NULL) {
BOOT_DEBUG("No extended information available\n");
return (B_TRUE);
}
@@ -714,11 +716,11 @@
"found\n"));
retval = BC_NOEINFO;
goto out_dev;
}
- einfo = find_einfo(bblock->extra);
+ einfo = find_einfo(bblock->extra, bblock->extra_size);
if (einfo == NULL) {
retval = BC_NOEINFO;
(void) fprintf(stderr, gettext("No extended information "
"found\n"));
goto out_dev;
@@ -815,11 +817,11 @@
" the bootblock\n", curr_device->path);
retval = BC_NOEXTRA;
goto out_devs;
}
- einfo_curr = find_einfo(bblock_curr->extra);
+ einfo_curr = find_einfo(bblock_curr->extra, bblock_curr->extra_size);
if (einfo_curr != NULL)
updt_str = einfo_get_string(einfo_curr);
retval = propagate_bootblock(&curr_data, &attach_data, updt_str);
cleanup_bootblock(bblock_curr);