[parted-devel] aix.c: Avoid memory overrun. Don't assume
logical sector size <= 512B
David Cantrell
dcantrell at redhat.com
Thu Mar 8 23:34:41 CET 2007
On Thu, 2007-03-08 at 22:26 +0100, Jim Meyering wrote:
> David Cantrell <dcantrell at redhat.com> wrote:
> > On Thu, 2007-03-08 at 15:43 +0100, Jim Meyering wrote:
> >> Here's a fix for the first memory overrun bug I found:
> >>
> >> aix.c: Avoid memory overrun. Don't assume logical sector size <= 512B
> >> * libparted/labels/aix.c (aix_probe): Return 0 if the
> >> sector size is larger than our AixLabel size.
> >> (aix_clobber): Rather than PED_ASSERT'ing that aix_probe returns 1,
> >> simply return 0 if aix_probe returns fails.
> ...
> > I like the approach of allocating the required buffer size instead of
> > using fixed-size buffers.
> >
> > Either solution is fine, but I would prefer we go with the ped_malloc()
> > approach that's used in amiga_probe so we are consistent throughout
> > libparted.
>
> OK. I've reworked it and tested the read-only parts.
> I have *not* tested the aix_clobber change: no disposable
> spindle handy right now.
>
> aix.c: Avoid memory overrun. Don't assume logical sector size <= 512B
> * libparted/labels/aix.c (struct AixLabel): Remove definition.
> (aix_label_magic_get, aix_label_magic_set): New functions.
> (read_sector): New function.
> (aix_probe): Rewrite not to use the above, and not a static buffer.
> (aix_clobber): Likewise.
> Also, rather than PED_ASSERT'ing that aix_probe returns 1,
> simply return 0 if aix_probe returns fails.
> (ped_disk_aix_init): Remove assertion, now that AixLabel is gone.
>
> diff --git a/libparted/labels/aix.c b/libparted/labels/aix.c
> index a16ead4..e001617 100644
> --- a/libparted/labels/aix.c
> +++ b/libparted/labels/aix.c
> @@ -33,45 +33,68 @@
> # define _(String) (String)
> #endif /* ENABLE_NLS */
>
> -typedef struct {
> - unsigned int magic; /* expect AIX_LABEL_MAGIC */
> - unsigned int fillbytes[127];
> -} AixLabel;
> -
> #define AIX_LABEL_MAGIC 0xc9c2d4c1
>
> static PedDiskType aix_disk_type;
>
> -static int
> -aix_probe (const PedDevice *dev)
> +static inline int
> +aix_label_magic_get (const char *label)
> {
> - AixLabel label;
> + return *(int *)label;
> +}
>
> - PED_ASSERT (dev != NULL, return 0);
> +static inline void
> +aix_label_magic_set (char *label, int magic_val)
> +{
> + *(int *)label = magic_val;
> +}
>
> - if (!ped_device_read (dev, &label, 0, 1))
> +/* Read a single sector, of length DEV->sector_size, into malloc'd storage.
> + If the read fails, free the memory and return zero without modifying *BUF.
> + Otherwise, set *BUF to the new buffer and return 1. */
> +static int
> +read_sector (const PedDevice *dev, char **buf)
> +{
> + char *b = ped_malloc (dev->sector_size);
> + PED_ASSERT (b != NULL, return 0);
> + if (!ped_device_read (dev, b, 0, 1)) {
> + ped_free (b);
> return 0;
> + }
> + *buf = b;
> + return 1;
> +}
>
> - if (PED_BE32_TO_CPU (label.magic) != AIX_LABEL_MAGIC)
> - return 0;
> +static int
> +aix_probe (const PedDevice *dev)
> +{
> + PED_ASSERT (dev != NULL, return 0);
>
> - return 1;
> + char *label;
> + if (!read_sector (dev, &label))
> + return 0;
> + int magic = aix_label_magic_get (label);
> + ped_free (label);
> + return magic == AIX_LABEL_MAGIC;
> }
>
> #ifndef DISCOVER_ONLY
> static int
> aix_clobber (PedDevice* dev)
> {
> - AixLabel label;
> -
> PED_ASSERT (dev != NULL, return 0);
> - PED_ASSERT (aix_probe (dev), return 0);
>
> - if (!ped_device_read (dev, &label, 0, 1))
> + if (!aix_probe (dev))
> return 0;
> -
> - label.magic = 0;
> - return ped_device_write (dev, &label, 0, 1);
> +
> + char *label;
> + if (!read_sector (dev, &label))
> + return 0;
> +
> + aix_label_magic_set (label, 0);
> + int result = ped_device_write (dev, label, 0, 1);
> + ped_free (label);
> + return result;
> }
> #endif /* !DISCOVER_ONLY */
>
> @@ -263,7 +286,6 @@ static PedDiskType aix_disk_type = {
> void
> ped_disk_aix_init ()
> {
> - PED_ASSERT (sizeof (AixLabel) == 512, return);
> ped_disk_type_register (&aix_disk_type);
> }
Should we not be using unsigned int where we're using int?
--
David Cantrell <dcantrell at redhat.com>
Red Hat / Westford, MA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/parted-devel/attachments/20070308/fe76ecfe/attachment.pgp
More information about the parted-devel
mailing list