From patchwork Wed Sep 14 11:48:19 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [hardy, lucid/ti-omap4, CVE,
 1/1] Validate size of EFI GUID partition entries.
Date: Wed, 14 Sep 2011 01:48:19 -0000
From: Andy Whitcroft <apw@canonical.com>
X-Patchwork-Id: 114665
Message-Id: <1316000900-1542-2-git-send-email-apw@canonical.com>
To: kernel-team@lists.ubuntu.com
Cc: Andy Whitcroft <apw@canonical.com>

From: Timo Warns <Warns@pre-sense.de>

Otherwise corrupted EFI partition tables can cause total confusion.

Signed-off-by: Timo Warns <warns@pre-sense.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(backported from commit fa039d5f6b126fbd65eefa05db2f67e44df8f121)
CVE-2011-1776
BugLink: http://bugs.launchpad.net/bugs/844365
Signed-off-by: Andy Whitcroft <apw@canonical.com>

---
fs/partitions/efi.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c
index 46e9f47..9e86a34 100644
--- a/fs/partitions/efi.c
+++ b/fs/partitions/efi.c
@@ -360,6 +360,12 @@ is_gpt_valid(struct block_device *bdev, u64 lba,
 		goto fail;
 	}
 
+	/* Check that sizeof_partition_entry has the correct value */
+	if (le32_to_cpu((*gpt)->sizeof_partition_entry) != sizeof(gpt_entry)) {
+		pr_debug("GUID Partitition Entry Size check failed.\n");
+		goto fail;
+	}
+
 	if (!(*ptes = alloc_read_gpt_entries(bdev, *gpt)))
 		goto fail;