From patchwork Wed Sep 14 11:48:20 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [maverick, maverick/ti-omap4, natty/ti-omap4, CVE,
 1/1] Validate size of EFI GUID partition entries.
From: Andy Whitcroft <apw@canonical.com>
X-Patchwork-Id: 114664
Message-Id: <1316000900-1542-3-git-send-email-apw@canonical.com>
To: kernel-team@lists.ubuntu.com
Cc: Andy Whitcroft <apw@canonical.com>
Date: Wed, 14 Sep 2011 12:48:20 +0100

From: Timo Warns <Warns@pre-sense.de>

Otherwise corrupted EFI partition tables can cause total confusion.

Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(cherry picked from commit fa039d5f6b126fbd65eefa05db2f67e44df8f121)
CVE-2011-1776
BugLink: http://bugs.launchpad.net/bugs/844365
Signed-off-by: Andy Whitcroft <apw@canonical.com>

---
fs/partitions/efi.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c
index 3ac773d..86a1859 100644
--- a/fs/partitions/efi.c
+++ b/fs/partitions/efi.c
@@ -356,6 +356,12 @@ static int is_gpt_valid(struct parsed_partitions *state, u64 lba,
 		goto fail;
 	}
 
+	/* Check that sizeof_partition_entry has the correct value */
+	if (le32_to_cpu((*gpt)->sizeof_partition_entry) != sizeof(gpt_entry)) {
+		pr_debug("GUID Partitition Entry Size check failed.\n");
+		goto fail;
+	}
+
 	if (!(*ptes = alloc_read_gpt_entries(state, *gpt)))
 		goto fail;