Fix issue discovered by honggfuzzGptHeader::header_size is supposed…

… to between, inclusive, 92 and the logical block size.Slice indexing goes out of range and panics if this isn't checked.Also check that it's enough for our GptHeader struct.
DianaNites · Oct 2, 2019 · d8ab05d · d8ab05d
1 parent 2a9e14a
commit d8ab05d
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/gpt.rs b/src/gpt.rs
@@ -78,6 +78,13 @@ fn check_validity<RS: Read + Seek>(
     block_size: u64,
 ) -> Result<(), InnerError> {
     ensure!(header.signature == EFI_PART, Signature);
+    ensure!(header.header_size >= 92, InvalidGptHeader);
+    // FIXME: This one shouldn't be a requirement.
+    ensure!(
+        header.header_size <= std::mem::size_of::<GptHeader>() as u32,
+        InvalidGptHeader
+    );
+    ensure!(header.header_size <= block_size as u32, InvalidGptHeader);
     let old_crc = std::mem::replace(&mut header.header_crc32, 0);
     let crc = calculate_crc(header);
     header.header_crc32 = old_crc;