lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 4 Feb 2015 16:53:36 +0100
From:	"Andries E. Brouwer" <Andries.Brouwer@....nl>
To:	Alexandr Kotov <kot@...ru>
Cc:	Andries Brouwer <Andries.Brouwer@....nl>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] partitions: Avoid recursion in extended partition
 scanning

On Wed, Feb 04, 2015 at 06:24:36PM +0400, Alexandr Kotov wrote:
> If externded partition record points to itself there will be recursion in
> partition scanning
> until we reach partition limit of 255 per disk.
> There is no big deal to have so many partition, but then udev takes place
> in handing this things
> it may run out off memory, especialy on systems with 1G and lower RAM on
> board. So you could neither boot with such disk inside nor erase it.
> I reported such error for Arch Linux some time ago
> https://bugs.archlinux.org/task/36532
> At the link above there is steps to reproduce bug.
> 
> Signed-off-by: Alexandr Kotov <kot@...ru>
> ---
>  block/partitions/msdos.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/block/partitions/msdos.c b/block/partitions/msdos.c
> index 93e7c1b..3f03768 100644
> --- a/block/partitions/msdos.c
> +++ b/block/partitions/msdos.c
> @@ -196,7 +196,8 @@ static void parse_extended(struct parsed_partitions
> *state,
>           */
>          p -= 4;
>          for (i = 0; i < 4; i++, p++)
> -            if (nr_sects(p) && is_extended_partition(p))
> +            if (nr_sects(p) && is_extended_partition(p)
> +                && start_sect(p) != 0)
>                  break;
>          if (i == 4)
>              goto done;     /* nothing left to do */
> -- 
> 2.1.0

Yes, one might do that.

This cannot be very urgent since this code is twenty years old.
This patch does not necessarily help, since there are more ways
recursion might happen. Perhaps it would be better to settle
this potential problem completely.

For example, ignore partitions that are known already (in the
"process data partitions" part), and let the loop terminate
via the loopct test that is already there.

Andries
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ