On Sat, Nov 01, 2014 at 22:45, Ted Unangst wrote:
> Pull out a few common subexpressions. I think this makes the code
> easier to read. Some byte swaps are left, when they are only used once.
>
> Then use mallocarray for bounds checking.
>
> Also observe the following:
> + if (ghsize < GPTMINHDRSIZE && ghsize > DEV_BSIZE)
> I'm pretty sure that should be an ||, otherwise it's never true.

The rest is committed. Now for the real fix. Check my work? Index: subr_disk.c =================================================================== RCS file: /cvs/src/sys/kern/subr_disk.c,v retrieving revision 1.172 diff -u -p -r1.172 subr_disk.c --- subr_disk.c 3 Nov 2014 16:55:21 -0000 1.172 +++ subr_disk.c 3 Nov 2014 16:55:59 -0000 @@ -702,7 +702,7 @@ readgptlabel(struct buf *bp, void (*stra * Header size must be greater than or equal to 92 and less * than or equal to the logical block size. */ - if (ghsize < GPTMINHDRSIZE && ghsize > DEV_BSIZE) + if (ghsize < GPTMINHDRSIZE || ghsize > DEV_BSIZE) return (EINVAL); if (letoh64(gh.gh_lba_start) >= DL_GETDSIZE(lp) ||
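
Review bot: The upper bound in the corrected test `if (ghsize < GPTMINHDRSIZE || ghsize > DEV_BSIZE)` is the constant DEV_BSIZE, while the comment directly above it gives the limit as the logical block size. If the two can differ for a disk, either compare against the sector size recorded for this disk or reword the comment to say DEV_BSIZE, so the documented limit and the enforced one agree. The switch from && to || itself is right: with && the two conditions could never both hold, so the EINVAL return was unreachable and the header size was never rejected here. It would also be worth confirming that ghsize is unsigned at this point, since the declaration is outside the visible context and a signed value would change what the lower-bound comparison covers.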