[PATCH master] partitions: efi: fix NULL dereference on corrupted GPT
Ahmad Fatoum
a.fatoum at pengutronix.de
Sun Apr 14 22:31:20 PDT 2024
When processing a corrupted GPT, the initial magic check may succeed,
but later partition parsing may terminate unsuccessfully. In such case,
we returned an invalid pointer that happened to be NULL, but didn't do
much about it leading to a NULL pointer dereference.
Fix this by explicitly returning NULL and correctly propagating it.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
common/partitions.c | 3 +++
common/partitions/efi.c | 5 ++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/common/partitions.c b/common/partitions.c
index 5b861c40fca3..17c2f1eb281a 100644
--- a/common/partitions.c
+++ b/common/partitions.c
@@ -146,6 +146,9 @@ struct partition_desc *partition_table_read(struct block_device *blk)
goto err;
pdesc = parser->parse(buf, blk);
+ if (!pdesc)
+ goto err;
+
pdesc->parser = parser;
err:
free(buf);
diff --git a/common/partitions/efi.c b/common/partitions/efi.c
index 9df40e3c15f3..829360da6e1f 100644
--- a/common/partitions/efi.c
+++ b/common/partitions/efi.c
@@ -482,10 +482,10 @@ static struct partition_desc *efi_partition(void *buf, struct block_device *blk)
int nb_part;
struct efi_partition *epart;
struct partition *pentry;
- struct efi_partition_desc *epd = NULL;
+ struct efi_partition_desc *epd;
if (!find_valid_gpt(buf, blk, &gpt, &ptes) || !gpt || !ptes)
- goto out;
+ return NULL;
snprintf(blk->cdev.diskuuid, sizeof(blk->cdev.diskuuid), "%pUl", &gpt->disk_guid);
dev_add_param_string_fixed(blk->dev, "guid", blk->cdev.diskuuid);
@@ -525,7 +525,6 @@ static struct partition_desc *efi_partition(void *buf, struct block_device *blk)
pentry->num = i;
list_add_tail(&pentry->list, &epd->pd.partitions);
}
-out:
return &epd->pd;
}
--
2.39.2
More information about the barebox
mailing list