From: Anton Arapov <Anton@redhat.com> Date: Thu, 23 Jun 2011 12:33:39 -0400 Subject: [fs] validate size of EFI GUID partition entries Message-id: <20110623123339.GF2604@bandura.usersys.redhat.com> Patchwork-id: 36991 O-Subject: [RHEL5.7 PATCH CVE-2011-1776 v2] kernel: validate size of EFI GUID partition entries (BZ703026) Bugzilla: 703026 CVE: CVE-2011-1776 RH-Acked-by: Jerome Marchand <jmarchan@redhat.com> RH-Acked-by: Petr Matousek <pmatouse@redhat.com> v2: use tabs... Fixes is_gpt_valid() fails gracefully rather instead of kernel crash. Fixes BZ703026 and CVE-2011-1776 Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=3423897 Upstream: Otherwise corrupted EFI partition tables can cause total confusion. Signed-off-by: Timo Warns <warns@pre-sense.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> == Signed-off-by: Jarod Wilson <jarod@redhat.com> diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c index 38833b2..27331f7 100644 --- a/fs/partitions/efi.c +++ b/fs/partitions/efi.c @@ -361,6 +361,12 @@ is_gpt_valid(struct block_device *bdev, u64 lba, goto fail; } + /* Check that sizeof_partition_entry has the correct value */ + if (le32_to_cpu((*gpt)->sizeof_partition_entry) != sizeof(gpt_entry)) { + pr_debug("GUID Partitition Entry Size check failed.\n"); + goto fail; + } + if (!(*ptes = alloc_read_gpt_entries(bdev, *gpt))) goto fail;