ed (Ed Gould) (11/15/89)
Description:
If a disk label has correct magic numbers but a badly
corrupted number of partitions, then the checksum routine
may run wild.
Repeat-By:
Corrupt a label suitably,
Fix:
Make the code that looks for the label more defensive.
This has the effect of not accepting a label that would
otherwise be correct except for a too-large number of
partitions.
*** /usr/tahoesrc/sys/sys/ufs_disksubr.c Sat Jun 11 18:54:43 1988
--- sys/ufs_disksubr.c Tue Nov 14 16:14:56 1989
***************
*** 157,165 ****
dlp <= (struct disklabel *)(bp->b_un.b_addr+DEV_BSIZE-sizeof(*dlp));
dlp = (struct disklabel *)((char *)dlp + sizeof(long))) {
if (dlp->d_magic != DISKMAGIC || dlp->d_magic2 != DISKMAGIC) {
if (msg == NULL)
msg = "no disk label";
! } else if (dkcksum(dlp) != 0)
msg = "disk label corrupted";
else {
*lp = *dlp;
--- 157,166 ----
dlp <= (struct disklabel *)(bp->b_un.b_addr+DEV_BSIZE-sizeof(*dlp));
dlp = (struct disklabel *)((char *)dlp + sizeof(long))) {
if (dlp->d_magic != DISKMAGIC || dlp->d_magic2 != DISKMAGIC) {
if (msg == NULL)
msg = "no disk label";
! } else if (dlp->d_npartitions > MAXPARTITIONS ||
! dkcksum(dlp) != 0)
msg = "disk label corrupted";
else {
*lp = *dlp;
***************
*** 166,180 ****
msg = NULL;
break;
}
}
- if (lp->d_npartitions > MAXPARTITIONS)
- lp->d_npartitions = MAXPARTITIONS;
bp->b_flags = B_INVAL | B_AGE;
brelse(bp);
return (msg);
}
/*
* Check new disk label for sensibility
* before setting it.
*/