* [PATCH master] partitions: efi: fix NULL dereference on corrupted GPT
@ 2024-04-15 5:31 Ahmad Fatoum
2024-04-16 10:29 ` Sascha Hauer
0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2024-04-15 5:31 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
When processing a corrupted GPT, the initial magic check may succeed,
but later partition parsing may terminate unsuccessfully. In such case,
we returned an invalid pointer that happened to be NULL, but didn't do
much about it leading to a NULL pointer dereference.
Fix this by explicitly returning NULL and correctly propagating it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
common/partitions.c | 3 +++
common/partitions/efi.c | 5 ++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/common/partitions.c b/common/partitions.c
index 5b861c40fca3..17c2f1eb281a 100644
--- a/common/partitions.c
+++ b/common/partitions.c
@@ -146,6 +146,9 @@ struct partition_desc *partition_table_read(struct block_device *blk)
goto err;
pdesc = parser->parse(buf, blk);
+ if (!pdesc)
+ goto err;
+
pdesc->parser = parser;
err:
free(buf);
diff --git a/common/partitions/efi.c b/common/partitions/efi.c
index 9df40e3c15f3..829360da6e1f 100644
--- a/common/partitions/efi.c
+++ b/common/partitions/efi.c
@@ -482,10 +482,10 @@ static struct partition_desc *efi_partition(void *buf, struct block_device *blk)
int nb_part;
struct efi_partition *epart;
struct partition *pentry;
- struct efi_partition_desc *epd = NULL;
+ struct efi_partition_desc *epd;
if (!find_valid_gpt(buf, blk, &gpt, &ptes) || !gpt || !ptes)
- goto out;
+ return NULL;
snprintf(blk->cdev.diskuuid, sizeof(blk->cdev.diskuuid), "%pUl", &gpt->disk_guid);
dev_add_param_string_fixed(blk->dev, "guid", blk->cdev.diskuuid);
@@ -525,7 +525,6 @@ static struct partition_desc *efi_partition(void *buf, struct block_device *blk)
pentry->num = i;
list_add_tail(&pentry->list, &epd->pd.partitions);
}
-out:
return &epd->pd;
}
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH master] partitions: efi: fix NULL dereference on corrupted GPT
2024-04-15 5:31 [PATCH master] partitions: efi: fix NULL dereference on corrupted GPT Ahmad Fatoum
@ 2024-04-16 10:29 ` Sascha Hauer
0 siblings, 0 replies; 2+ messages in thread
From: Sascha Hauer @ 2024-04-16 10:29 UTC (permalink / raw)
To: barebox, Ahmad Fatoum
On Mon, 15 Apr 2024 07:31:20 +0200, Ahmad Fatoum wrote:
> When processing a corrupted GPT, the initial magic check may succeed,
> but later partition parsing may terminate unsuccessfully. In such case,
> we returned an invalid pointer that happened to be NULL, but didn't do
> much about it leading to a NULL pointer dereference.
>
> Fix this by explicitly returning NULL and correctly propagating it.
>
> [...]
Applied, thanks!
[1/1] partitions: efi: fix NULL dereference on corrupted GPT
https://git.pengutronix.de/cgit/barebox/commit/?id=7358ef660dc4 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-16 10:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-15 5:31 [PATCH master] partitions: efi: fix NULL dereference on corrupted GPT Ahmad Fatoum
2024-04-16 10:29 ` Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox