Fix handling of zero-length gpt partitions (#728949)

Fix bug in nilfs2 probe with short partitions (#728949)
Fix bug in hfs probe code (#714758)
Make pc98 detection depend on specific signatures (#646053)
This commit is contained in:
Brian C. Lane 2011-10-06 16:44:52 -07:00
parent 61bbdc442a
commit 8e3b457f0f
7 changed files with 496 additions and 1 deletions


@ -0,0 +1,145 @@
From 1bb50f026e3e034dc7a93c89dea69b3710c6e9cd Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Fri, 24 Jun 2011 13:32:33 +0200
Subject: [PATCH 1/4] gpt: don't abort for a truncated GPT-formatted device
This fixes the problem two ways. The first fix (via gpt_alloc)
rejects any device that is too small, but it is insufficient.
Choose a slightly larger truncated device with an otherwise intact
primary GPT header and you can still trigger the failed assertion.
To fix it in general, we make _header_is_valid detect the problem.
* libparted/labels/gpt.c (gpt_alloc): Reject a device that is so
small that there is no room for a single partition.
(_header_is_valid): Validate LastUsableLBA here, as well, so that
we now reject as invalid any GPT header that specifies a
LastUsableLBA larger than the device size.
Leave the assertion in _parse_header.
* tests/t0203-gpt-tiny-device-abort.sh: Test for this.
* tests/Makefile.am (TESTS): Add it.
* NEWS: (Bug fixes): Mention it.
Reported by Daniel Fandrich in
http://thread.gmane.org/gmane.comp.gnu.parted.bugs/10466
---
NEWS | 2 +
libparted/labels/gpt.c | 16 ++++++++++--
tests/Makefile.am | 1 +
tests/t0203-gpt-tiny-device-abort.sh | 44 ++++++++++++++++++++++++++++++++++
4 files changed, 60 insertions(+), 3 deletions(-)
create mode 100644 tests/t0203-gpt-tiny-device-abort.sh
diff --git a/NEWS b/NEWS
index 6b7c02a..24e28e6 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ GNU parted NEWS -*- outline -*-
** Bug fixes
+ libparted: no longer aborts when reading a truncated GPT-formatted device
+
Fix numerous small leaks in both the library and the UI.
** Changes in behavior
diff --git a/libparted/labels/gpt.c b/libparted/labels/gpt.c
index e1c0a32..8c9816f 100644
--- a/libparted/labels/gpt.c
+++ b/libparted/labels/gpt.c
@@ -517,13 +517,19 @@ gpt_alloc (const PedDevice *dev)
disk = _ped_disk_alloc ((PedDevice *) dev, &gpt_disk_type);
if (!disk)
goto error;
- disk->disk_specific = gpt_disk_data = ped_malloc (sizeof (GPTDiskData));
- if (!disk->disk_specific)
- goto error_free_disk;
data_start = 2 + GPT_DEFAULT_PARTITION_ENTRY_ARRAY_SIZE / dev->sector_size;
data_end = dev->length - 2
- GPT_DEFAULT_PARTITION_ENTRY_ARRAY_SIZE / dev->sector_size;
+
+ /* If the device is too small to have room for data, reject it. */
+ if (data_end <= data_start)
+ goto error_free_disk;
+
+ disk->disk_specific = gpt_disk_data = ped_malloc (sizeof (GPTDiskData));
+ if (!disk->disk_specific)
+ goto error_free_disk;
+
ped_geometry_init (&gpt_disk_data->data_area, dev, data_start,
data_end - data_start + 1);
gpt_disk_data->entry_count = GPT_DEFAULT_PARTITION_ENTRIES;
@@ -665,6 +671,10 @@ _header_is_valid (PedDisk const *disk, GuidPartitionTableHeader_t *gpt,
if (first_usable < 3)
return 0;
+ PedSector last_usable = PED_LE64_TO_CPU (gpt->LastUsableLBA);
+ if (disk->dev->length < last_usable)
+ return 0;
+
origcrc = gpt->HeaderCRC32;
gpt->HeaderCRC32 = 0;
if (pth_crc32 (dev, gpt, &crc) != 0)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b57142b..86402c0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -11,6 +11,7 @@ TESTS = \
t0200-gpt.sh \
t0201-gpt.sh \
t0202-gpt-pmbr.sh \
+ t0203-gpt-tiny-device-abort.sh \
t0205-gpt-list-clobbers-pmbr.sh \
t0206-gpt-print-with-corrupt-primary-clobbers-pmbr.sh \
t0207-IEC-binary-notation.sh \
diff --git a/tests/t0203-gpt-tiny-device-abort.sh b/tests/t0203-gpt-tiny-device-abort.sh
new file mode 100644
index 0000000..22c8b21
--- /dev/null
+++ b/tests/t0203-gpt-tiny-device-abort.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+# parted before 3.1 could abort for a pathologically small device with
+# a valid primary GPT header but no room for the backup header.
+
+# Copyright (C) 2009-2011 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../parted
+
+N=2M
+dev=loop-file
+# create a file large enough to hold a GPT partition table
+dd if=/dev/null of=$dev bs=1 seek=$N || framework_failure
+
+# create a GPT partition table
+parted -s $dev mklabel gpt > out 2>&1 || fail=1
+# expect no output
+compare out /dev/null || fail=1
+
+# truncate it to 34 sectors.
+for i in 33 34 35 67 68 69 101 102 103; do
+ dd if=$dev of=bad count=$i
+
+ # Print the partition table. Before, this would evoke a failed assertion.
+ printf 'i\no\n' > in
+ parted ---pretend-input-tty bad u s p < in > out 2> err || fail=1
+ # don't bother comparing stdout
+ # expect no stderr
+ compare err /dev/null || fail=1
+done
+
+Exit $fail
--
1.7.6.4
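Review bot: In `_header_is_valid`, the added LastUsableLBA check bounds the value only from above, so a header whose LastUsableLBA equals the device length, lies below `first_usable`, or has the top bit set (negative once stored in the signed `PedSector`) still passes. These fields are read from disk and are tested here before the CRC is verified, so I would bound the value on both sides: `if (last_usable < first_usable || disk->dev->length <= last_usable) return 0;`. The function starts and continues outside the hunk, so `first_usable` is assumed to be the decoded FirstUsableLBA tested just above. In the new test script, `framework_failure` lacks the trailing underscore that the other scripts on this page use (`framework_failure_`).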


@ -0,0 +1,67 @@
From fa9d7db0dfc89befe87a73f22e7d0473e505c9d9 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Wed, 5 Oct 2011 15:51:10 -0700
Subject: [PATCH 4/4] libparted: Fix a bug in the hfs probe functions
(#714758)
* libparted/fs/hfs/probe.c (hfsplus_probe): Add a check on the
search value and reject it if it is negative.
(hfsx_probe): Same
(hfs_and_wrapper_probe): Same
---
libparted/fs/hfs/probe.c | 18 +++++++++++-------
1 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/libparted/fs/hfs/probe.c b/libparted/fs/hfs/probe.c
index 8c656cf..bf4d70b 100644
--- a/libparted/fs/hfs/probe.c
+++ b/libparted/fs/hfs/probe.c
@@ -82,7 +82,8 @@ hfs_and_wrapper_probe (PedGeometry* geom)
+ ((PedSector) PED_BE16_TO_CPU (mdb->total_blocks)
* (PED_BE32_TO_CPU (mdb->block_size) / PED_SECTOR_SIZE_DEFAULT )));
max = search + (PED_BE32_TO_CPU (mdb->block_size) / PED_SECTOR_SIZE_DEFAULT);
- if (!(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2)))
+ if ((search < 0)
+ || !(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2)))
return NULL;
for (; search < max; search++) {
@@ -141,8 +142,9 @@ hfsplus_probe (PedGeometry* geom)
- 2;
search = max - 2 * ( PED_BE32_TO_CPU (vh->block_size)
/ PED_SECTOR_SIZE_DEFAULT ) + 2;
- if (!(geom_ret = ped_geometry_new (geom->dev, geom->start,
- search + 2)))
+ if ((search < 0)
+ || !(geom_ret = ped_geometry_new (geom->dev, geom->start,
+ search + 2)))
return NULL;
for (; search < max; search++) {
@@ -156,8 +158,9 @@ hfsplus_probe (PedGeometry* geom)
search = ((PedSector) PED_BE32_TO_CPU (vh->total_blocks) - 1)
* ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT )
- 1;
- if (!ped_geometry_set (geom_ret, geom_ret->start,
- search + 2)
+ if ((search < 0)
+ || !ped_geometry_set (geom_ret, geom_ret->start,
+ search + 2)
|| !ped_geometry_read (geom_ret, buf, search, 1)
|| vh->signature != PED_CPU_TO_BE16 (HFSP_SIGNATURE)) {
ped_geometry_destroy (geom_ret);
@@ -213,8 +216,9 @@ hfsx_probe (PedGeometry* geom)
* ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT )
- 2;
search = max - ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT );
- if (!(geom_ret = ped_geometry_new (geom->dev, geom->start,
- search + 2)))
+ if ((search < 0)
+ || !(geom_ret = ped_geometry_new (geom->dev, geom->start,
+ search + 2)))
return NULL;
for (; search < max; search++) {
if (!ped_geometry_set (geom_ret, geom_ret->start,
--
1.7.6.4
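Review bot: The four added `search < 0` guards in `hfs_and_wrapper_probe`, `hfsplus_probe` and `hfsx_probe` bound the offset only from below, and none carries a comment saying why it can go negative. `search` and `max` are computed from `total_blocks` and `block_size` taken from the on-disk volume header, so a tiny or corrupt volume drives both; a comment such as `/* sizes come from the on-disk header: reject a negative search offset */` at each site would record that. Whether an offset past the end of `geom` is refused depends on `ped_geometry_new` and `ped_geometry_set`, which are not visible here, so an explicit upper-bound test against `geom->length` may be worth considering too. All three functions extend beyond their hunks.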


@ -0,0 +1,55 @@
From 81a1eb6a888f85074536ed89c5c316de4e918c2b Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Sat, 25 Jun 2011 08:49:58 +0200
Subject: [PATCH 2/4] libparted: fix a bug in the nilfs2 probe function
* libparted/fs/nilfs2/nilfs2.c (nilfs2_probe): Reject this partition
if we get a negative sb2 offset. Passing a negative offset to
ped_geometry_read_alloc would evoke a failed assertion.
Bug introduced by 2010-07-09 commit d463e7de.
* NEWS: (Bug fixes): Mention it.
Reported by Daniel Fandrich in
http://thread.gmane.org/gmane.comp.gnu.parted.bugs/10466/focus=10472
---
NEWS | 3 +++
libparted/fs/nilfs2/nilfs2.c | 5 +++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 24e28e6..d35c6cc 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ GNU parted NEWS -*- outline -*-
** Bug fixes
+ libparted: no longer aborts (failed assertion) due to a nilfs2_probe bug
+ [bug introduced in parted-2.4 with the addition of nilfs2 support]
+
libparted: no longer aborts when reading a truncated GPT-formatted device
Fix numerous small leaks in both the library and the UI.
diff --git a/libparted/fs/nilfs2/nilfs2.c b/libparted/fs/nilfs2/nilfs2.c
index 511b155..166c54c 100644
--- a/libparted/fs/nilfs2/nilfs2.c
+++ b/libparted/fs/nilfs2/nilfs2.c
@@ -108,13 +108,14 @@ nilfs2_probe (PedGeometry* geom)
struct nilfs2_super_block *sb = NULL;
struct nilfs2_super_block *sb2 = NULL;
PedSector length = geom->length;
- PedSector sb2off;
/* ignore if sector size is not 512bytes for now */
if (geom->dev->sector_size != PED_SECTOR_SIZE_DEFAULT)
return NULL;
- sb2off = NILFS_SB2_OFFSET(length);
+ PedSector sb2off = NILFS_SB2_OFFSET(length);
+ if (sb2off <= 2)
+ return NULL;
if (ped_geometry_read_alloc(geom, &sb_v, 2, 1))
sb = sb_v;
--
1.7.6.4
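Review bot: The guard `if (sb2off <= 2)` in `nilfs2_probe` rejects more than the negative offset the commit message describes, and nothing at the site says why. The primary superblock is read from sector 2 on the next line, so presumably the intent is that the secondary copy must lie beyond it. A comment such as `/* sb2 must sit past the primary superblock at sector 2; a negative offset would fail an assertion in ped_geometry_read_alloc */` would make that explicit. The function continues outside the hunk.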


@ -0,0 +1,75 @@
From 68ff2e0c7563054e95389c1da5164b3d9c75c52b Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Fri, 7 Oct 2011 10:56:00 -0700
Subject: [PATCH 1/2] libparted: make pc98 detection depend on signatures
(#646053)
pc98 is not a common disk label. Change pc98_probe to only return true
if one of the recognized signatures is present.
Currently these include:
IPL1
Linux 98
GRUB/98
This will prevent false-positive detection on msdos labeled disks
* libparted/labels/pc98.c (pc98_probe): Change to require signature
(pc98_check_ipl_signature): Add more signatures
---
libparted/labels/pc98.c | 32 ++++++++++----------------------
1 files changed, 10 insertions(+), 22 deletions(-)
diff --git a/libparted/labels/pc98.c b/libparted/labels/pc98.c
index 3afa8a2..ea3cf4e 100644
--- a/libparted/labels/pc98.c
+++ b/libparted/labels/pc98.c
@@ -140,7 +140,14 @@ pc98_check_magic (const PC98RawTable *part_table)
static int
pc98_check_ipl_signature (const PC98RawTable *part_table)
{
- return !memcmp (part_table->boot_code + 4, "IPL1", 4);
+ if (memcmp (part_table->boot_code + 4, "IPL1", 4) == 0)
+ return 1;
+ else if (memcmp (part_table->boot_code + 4, "Linux 98", 8) == 0)
+ return 1;
+ else if (memcmp (part_table->boot_code + 4, "GRUB/98 ", 8) == 0)
+ return 1;
+ else
+ return 0;
}
static int
@@ -192,27 +199,8 @@ pc98_probe (const PedDevice *dev)
if (!pc98_check_magic (&part_table))
return 0;
- /* check consistency */
- empty = 1;
- for (p = part_table.partitions;
- p < part_table.partitions + MAX_PART_COUNT;
- p++)
- {
- if (p->mid == 0 && p->sid == 0)
- continue;
- empty = 0;
- if (!check_partition_consistency (dev, p))
- return 0;
- }
-
- /* check boot loader */
- if (pc98_check_ipl_signature (&part_table))
- return 1;
- else if (part_table.boot_code[0]) /* invalid boot loader */
- return 0;
-
- /* Not to mistake msdos disk map for PC-9800's empty disk map */
- if (empty)
+ /* check for boot loader signatures */
+ if (!pc98_check_ipl_signature (&part_table))
return 0;
return 1;
--
1.7.6.4
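Review bot: With the consistency loop removed, `pc98_probe` accepts a disk on the magic check plus a 4- or 8-byte string at `boot_code + 4`, and no longer runs `check_partition_consistency` on any entry. The code that later reads the partition entries is not in this hunk, so it should be confirmed that it validates them itself; otherwise malformed entries on a disk carrying one of the three signatures now reach it unchecked. The locals `empty` and `p`, declared above the hunk, also appear to be left unused and could be dropped. A short comment in `pc98_check_ipl_signature` noting that `"GRUB/98 "` is compared including its trailing space would help the next reader.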


@ -0,0 +1,75 @@
From 1a6336b7a903a6720604d7e8983f99939ec4b070 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Fri, 7 Oct 2011 11:41:25 -0700
Subject: [PATCH 2/2] tests: add tests for new pc98 signatures (#646053)
* tests/t2201-pc98-label-recog.sh: New file
* tests/Makefile.am: Add test
---
tests/Makefile.am | 1 +
tests/t2201-pc98-label-recog.sh | 41 +++++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 0 deletions(-)
create mode 100755 tests/t2201-pc98-label-recog.sh
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 903ca64..525ec99 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -25,6 +25,7 @@ TESTS = \
t1101-busy-partition.sh \
t1700-probe-fs.sh \
t2200-dos-label-recog.sh \
+ t2201-pc98-label-recog.sh \
t2300-dos-label-extended-bootcode.sh \
t2310-dos-extended-2-sector-min-offset.sh \
t2400-dos-hfs-partition-type.sh \
diff --git a/tests/t2201-pc98-label-recog.sh b/tests/t2201-pc98-label-recog.sh
new file mode 100755
index 0000000..6228159
--- /dev/null
+++ b/tests/t2201-pc98-label-recog.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Recognize PC98 labeled disks
+
+# Copyright (C) 2011 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../parted
+
+require_512_byte_sector_size_
+
+ss=$sector_size_
+N=8192
+dev=loop-file
+
+# create a file to simulate the underlying device
+dd if=/dev/null of=$dev bs=$ss seek=$N 2> /dev/null || fail=1
+
+# label the test disk
+parted -s $dev mklabel pc98 > out 2>&1 || fail=1
+compare out /dev/null || fail=1 # expect no output
+
+parted -s $dev p | grep "^Partition Table: pc98" || fail=1
+
+for s in "Linux 98" "GRUB/98 "; do
+ printf "$s" | dd bs=1c seek=4 of=$dev conv=notrunc || fail=1
+ parted -s $dev p | grep "^Partition Table: pc98" || fail=1
+done
+
+Exit $fail
--
1.7.6.4
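Review bot: The new test covers only the positive case: it never checks that an image without one of the recognised signatures, such as an msdos-labelled one, is not reported as pc98, which is the false positive this change is meant to remove. A step after the loop that relabels the image with `parted -s $dev mklabel msdos` and then greps for `^Partition Table: msdos` would pin that behaviour. Separately, `printf "$s"` passes the data as the format string; `printf '%s' "$s"` stays correct if a signature ever contains `%` or a backslash.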


@ -0,0 +1,66 @@
From d8d4eac278939db6a22fe69181138be2d2dd79e6 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Wed, 28 Sep 2011 19:43:40 +0200
Subject: [PATCH 3/4] tests: test for the nilfs2 bug
* tests/t4300-nilfs2-tiny.sh: New test.
* tests/Makefile.am (TESTS): Add it.
---
tests/Makefile.am | 1 +
tests/t4300-nilfs2-tiny.sh | 32 ++++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 0 deletions(-)
create mode 100755 tests/t4300-nilfs2-tiny.sh
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 86402c0..e721f88 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -38,6 +38,7 @@ TESTS = \
t4100-dvh-partition-limits.sh \
t4100-msdos-starting-sector.sh \
t4200-partprobe.sh \
+ t4300-nilfs2-tiny.sh \
t5000-tags.sh \
t6000-dm.sh \
t7000-scripting.sh \
diff --git a/tests/t4300-nilfs2-tiny.sh b/tests/t4300-nilfs2-tiny.sh
new file mode 100755
index 0000000..009a3cd
--- /dev/null
+++ b/tests/t4300-nilfs2-tiny.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Trigger a nilfs2-related bug.
+
+# Copyright (C) 2011 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../parted
+ss=$sector_size_
+
+n_sectors=200
+dev=dev-file
+dd if=/dev/null of=$dev bs=$ss seek=$n_sectors || framework_failure_
+
+# Create a tiny, 7-sector partition.
+parted -s $dev mklabel gpt mkpart p1 64s 70s || framework_failure_
+
+# This used to make parted abort.
+parted -s $dev u s p || fail=1
+
+Exit $fail
--
1.7.6.4
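Review bot: The script reads `$sector_size_` but, unlike the pc98 test on this page, does not call `require_512_byte_sector_size_`. `nilfs2_probe` returns early for any sector size other than `PED_SECTOR_SIZE_DEFAULT`, so if the suite is run with a different simulated sector size this test would presumably pass without reaching the fixed code; adding `require_512_byte_sector_size_` after the `init.sh` line avoids that. It would also be stricter to capture stderr from the final `parted` call and `compare err /dev/null`, as the GPT truncation test does.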


@ -4,7 +4,7 @@
Summary: The GNU disk partition manipulation program
Name: parted
Version: 3.0
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv3+
Group: Applications/System
URL: http://www.gnu.org/software/parted
@ -24,6 +24,12 @@ Patch4: parted-3.0-tests-add-test-for-radius-divide-by-2-fix.patch
Patch5: parted-3.0-tests-add-test-for-value-less-than-1.patch
# Fix for kernel 3.0 new version numbering.
Patch6: parted-3.0-libparted-accommodate-two-component-linux-version-nu.patch
Patch7: parted-3.0-gpt-don-t-abort-for-a-truncated-GPT-formatted-device.patch
Patch8: parted-3.0-libparted-fix-a-bug-in-the-nilfs2-probe-function.patch
Patch9: parted-3.0-tests-test-for-the-nilfs2-bug.patch
Patch10: parted-3.0-libparted-Fix-a-bug-in-the-hfs-probe-functions-71475.patch
Patch11: parted-3.0-libparted-make-pc98-detection-depend-on-signatures.patch
Patch12: parted-3.0-tests-add-tests-for-new-pc98-signatures-646053.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: e2fsprogs-devel
@ -152,6 +158,12 @@ fi
%changelog
* Fri Oct 07 2011 Brian C. Lane <bcl@redhat.com> - 3.0-3
- Fix handling of zero-length gpt partitions (#728949)
- Fix bug in nilfs2 probe with short partitions (#728949)
- Fix bug in hfs probe code (#714758)
- Make pc98 detection depend on specific signatures (#646053)
* Wed Jun 29 2011 Richard W.M. Jones <rjones@redhat.com> - 3.0-2
- (Re-)apply patch to fix Linux "3.0" problem.