From: Anton Arapov <Anton@redhat.com>
Date: Thu, 23 Jun 2011 12:33:39 -0400
Subject: [fs] validate size of EFI GUID partition entries
Message-id: <20110623123339.GF2604@bandura.usersys.redhat.com>
Patchwork-id: 36991
O-Subject: [RHEL5.7 PATCH CVE-2011-1776 v2] kernel: validate size of EFI GUID partition entries (BZ703026)
Bugzilla: 703026
CVE: CVE-2011-1776
RH-Acked-by: Jerome Marchand <jmarchan@redhat.com>
RH-Acked-by: Petr Matousek <pmatouse@redhat.com>

v2: use tabs...

Fixes is_gpt_valid() fails gracefully rather instead of kernel
crash.

Fixes BZ703026 and CVE-2011-1776

Brew:
https://brewweb.devel.redhat.com/taskinfo?taskID=3423897

Upstream:
Otherwise corrupted EFI partition tables can cause total confusion.

Signed-off-by: Timo Warns <warns@pre-sense.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
==

Signed-off-by: Jarod Wilson <jarod@redhat.com>

diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c
index 38833b2..27331f7 100644
--- a/fs/partitions/efi.c
+++ b/fs/partitions/efi.c
@@ -361,6 +361,12 @@ is_gpt_valid(struct block_device *bdev, u64 lba,
 		goto fail;
 	}
 
+	/* Check that sizeof_partition_entry has the correct value */
+	if (le32_to_cpu((*gpt)->sizeof_partition_entry) != sizeof(gpt_entry)) {
+		pr_debug("GUID Partitition Entry Size check failed.\n");
+		goto fail;
+	}
+
 	if (!(*ptes = alloc_read_gpt_entries(bdev, *gpt)))
 		goto fail;