Author: laurent Date: 2009-08-10 22:18:27 +0200 (Mon, 10 Aug 2009) New Revision: 546

Modified: trunk/openbios-devel/modules/disk-label.c Log: This patch modifies disk-label.c to not allow to read beyond the selected partition limits.

Signed-off-by: Laurent Vivier Laurent@vivier.eu

Modified: trunk/openbios-devel/modules/disk-label.c =================================================================== --- trunk/openbios-devel/modules/disk-label.c 2009-08-10 19:57:43 UTC (rev 545) +++ trunk/openbios-devel/modules/disk-label.c 2009-08-10 20:18:27 UTC (rev 546) @@ -99,8 +99,8 @@ if( ph ) { di->offs_hi = 0; di->offs_lo = 0; - di->size_hi = -1; - di->size_lo = -1; + di->size_hi = 0; + di->size_lo = 0; di->part_ih = 0; di->type = -1; di->block_size = 512; @@ -174,7 +174,14 @@ { int ret, len = POP(); char *buf = (char*)POP(); + llong pos = tell( di->fd ); + ducell offs = ((ducell)di->offs_hi << BITS) | di->offs_lo; + ducell size = ((ducell)di->size_hi << BITS) | di->size_lo;

+ if (size && len > pos - offs + size) { + len = size - (pos - offs); + } + ret = read_io( di->fd, buf, len ); PUSH( ret ); } @@ -188,6 +195,7 @@ ducell offs = ((ducell)di->offs_hi << BITS) | di->offs_lo; ducell size = ((ducell)di->size_hi << BITS) | di->size_lo;

+ DPRINTF("dlabel_seek %llx [%llx, %llx]\n", pos, offs, size); if( pos != -1 ) pos += offs; else if( size ) { @@ -196,8 +204,12 @@ } else { /* let parent handle the EOF seek. */ } + DPRINTF("dlabel_seek: 0x%llx\n", pos ); + if (size && (pos - offs >= size )) { + PUSH(-1); + return; + }

- DPRINTF("dlabel_seek: %x %08x\n", (int)(pos>>32), (int)pos ); ret = seek_io( di->fd, pos ); PUSH( ret ); }