diff options
| author | mdf <mdf@FreeBSD.org> | 2011-01-07 16:46:20 +0000 |
|---|---|---|
| committer | mdf <mdf@FreeBSD.org> | 2011-01-07 16:46:20 +0000 |
| commit | be1c25c6aa4aff9d16c90f8f64c1cd2d3e99d6e0 (patch) | |
| tree | 503802ad08796611c60c13e98430102d88b3124c /sys/geom/part/g_part_gpt.c | |
| parent | 30039e1e2f5bb8aa10fe2af16d5bfd11033ff764 (diff) | |
| download | FreeBSD-src-be1c25c6aa4aff9d16c90f8f64c1cd2d3e99d6e0.zip FreeBSD-src-be1c25c6aa4aff9d16c90f8f64c1cd2d3e99d6e0.tar.gz | |
Fix a memory overflow where the input length to g_gpt_utf8_to_utf16()
was specified incorrectly, causing the bzero to run past the end of a
malloc(9)'d object.
Submitted by: Eric Youngblut < eyoungblut AT isilon DOT com >
MFC after: 3 days
Diffstat (limited to 'sys/geom/part/g_part_gpt.c')
| -rw-r--r-- | sys/geom/part/g_part_gpt.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/geom/part/g_part_gpt.c b/sys/geom/part/g_part_gpt.c index 3aa858d..3f3464d 100644 --- a/sys/geom/part/g_part_gpt.c +++ b/sys/geom/part/g_part_gpt.c @@ -425,7 +425,8 @@ g_part_gpt_add(struct g_part_table *basetable, struct g_part_entry *baseentry, } if (gpp->gpp_parms & G_PART_PARM_LABEL) g_gpt_utf8_to_utf16(gpp->gpp_label, entry->ent.ent_name, - sizeof(entry->ent.ent_name)); + sizeof(entry->ent.ent_name) / + sizeof(entry->ent.ent_name[0])); return (0); } @@ -588,7 +589,8 @@ g_part_gpt_modify(struct g_part_table *basetable, } if (gpp->gpp_parms & G_PART_PARM_LABEL) g_gpt_utf8_to_utf16(gpp->gpp_label, entry->ent.ent_name, - sizeof(entry->ent.ent_name)); + sizeof(entry->ent.ent_name) / + sizeof(entry->ent.ent_name[0])); return (0); } |
