[packages/parted.git] / 0104-parted-fix-crash-due-to-improper-partition-number-in.patch

From 149f009c3b4ab6bac8059b48142a1c3f698c8e53 Mon Sep 17 00:00:00 2001
From: Wang Dong <dongdwdw@linux.vnet.ibm.com>
Date: Fri, 23 Dec 2016 06:53:36 +0100
Subject: [PATCH 104/106] parted: fix crash due to improper partition number
 input

When the user makes a new partition, if parted fails to add the
partition to disk, it jumps to wrong error label. In this
situation, this new partition actually is not a node in disk
data structure. But in the wrong error label, it pretends this
is a node and removes it as a list node, leading to other
partition in this disk deleted. This might lead to a memory leak.
Because if there are other partitions, it just removes them from
list without releasing the resource. And this also leads to different
disk information between memory and device. This is confusing.

But when the new partition is added to disk successfully and if
any operations followed fail, this partition should be removed from
disk and destroyed.

Signed-off-by: Wang Dong <dongdwdw@linux.vnet.ibm.com>
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
---
 parted/ui.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/parted/ui.c b/parted/ui.c
index 505b8ac..5d76c20 100644
--- a/parted/ui.c
+++ b/parted/ui.c
@@ -29,6 +29,8 @@
 #include <unistd.h>
 #include <setjmp.h>
 #include <assert.h>
+#include <limits.h>
+#include <errno.h>
 
 #include "command.h"
 #include "strlist.h"
@@ -909,16 +911,30 @@ command_line_get_integer (const char* prompt, int* value)
 {
         char     def_str [10];
         char*    input;
-        int      valid;
+        long     ret;
 
         snprintf (def_str, 10, "%d", *value);
         input = command_line_get_word (prompt, *value ? def_str : NULL,
                                        NULL, 1);
         if (!input)
                 return 0;
-        valid = sscanf (input, "%d", value);
+
+        errno = 0;
+        ret = strtol (input, (char**) NULL, 10);
+        if (errno)
+                goto error;
+
+        if ((ret > INT_MAX) || (ret < INT_MIN))
+                goto error;
+        else
+                *value = (int) ret;
+
         free (input);
-        return valid;
+        return 1;
+
+error:
+        free (input);
+        return 0;
 }
 
 int
@@ -1029,6 +1045,7 @@ command_line_get_partition (const char* prompt, PedDisk* disk,
                             PedPartition** value)
 {
         PedPartition*    part;
+        int ret;
 
         /* Flawed logic, doesn't seem to work?!
         check = ped_disk_next_partition (disk, part);
@@ -1045,7 +1062,8 @@ command_line_get_partition (const char* prompt, PedDisk* disk,
         */
         int num = (*value) ? (*value)->num : 0;
 
-        if (!command_line_get_integer (prompt, &num)) {
+        ret = command_line_get_integer (prompt, &num);
+        if ((!ret) || (num < 0)) {
                 ped_exception_throw (PED_EXCEPTION_ERROR,
                                      PED_EXCEPTION_CANCEL,
                                      _("Expecting a partition number."));
-- 
2.20.1
Commit	Line	Data
74a816df MK	1	From 149f009c3b4ab6bac8059b48142a1c3f698c8e53 Mon Sep 17 00:00:00 2001
	2	From: Wang Dong <dongdwdw@linux.vnet.ibm.com>
	3	Date: Fri, 23 Dec 2016 06:53:36 +0100
	4	Subject: [PATCH 104/106] parted: fix crash due to improper partition number
	5	input
	6
	7	When the user makes a new partition, if parted fails to add the
	8	partition to disk, it jumps to wrong error label. In this
	9	situation, this new partition actually is not a node in disk
	10	data structure. But in the wrong error label, it pretends this
	11	is a node and removes it as a list node, leading to other
	12	partition in this disk deleted. This might lead to a memory leak.
	13	Because if there are other partitions, it just removes them from
	14	list without releasing the resource. And this also leads to different
	15	disk information between memory and device. This is confusing.
	16
	17	But when the new partition is added to disk successfully and if
	18	any operations followed fail, this partition should be removed from
	19	disk and destroyed.
	20
	21	Signed-off-by: Wang Dong <dongdwdw@linux.vnet.ibm.com>
	22	Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
	23	---
	24	parted/ui.c \| 26 ++++++++++++++++++++++----
	25	1 file changed, 22 insertions(+), 4 deletions(-)
	26
	27	diff --git a/parted/ui.c b/parted/ui.c
	28	index 505b8ac..5d76c20 100644
	29	--- a/parted/ui.c
	30	+++ b/parted/ui.c
	31	@@ -29,6 +29,8 @@
	32	#include <unistd.h>
	33	#include <setjmp.h>
	34	#include <assert.h>
	35	+#include <limits.h>
	36	+#include <errno.h>
	37
	38	#include "command.h"
	39	#include "strlist.h"
	40	@@ -909,16 +911,30 @@ command_line_get_integer (const char* prompt, int* value)
	41	{
	42	char def_str [10];
	43	char* input;
	44	- int valid;
	45	+ long ret;
	46
	47	snprintf (def_str, 10, "%d", *value);
	48	input = command_line_get_word (prompt, *value ? def_str : NULL,
	49	NULL, 1);
	50	if (!input)
	51	return 0;
	52	- valid = sscanf (input, "%d", value);
	53	+
	54	+ errno = 0;
	55	+ ret = strtol (input, (char**) NULL, 10);
	56	+ if (errno)
	57	+ goto error;
	58	+
	59	+ if ((ret > INT_MAX) \|\| (ret < INT_MIN))
	60	+ goto error;
	61	+ else
	62	+ *value = (int) ret;
	63	+
	64	free (input);
65	- return valid;
66	+ return 1;
67	+
68	+error:
69	+ free (input);
70	+ return 0;
71	}
72
73	int
74	@@ -1029,6 +1045,7 @@ command_line_get_partition (const char* prompt, PedDisk* disk,
75	PedPartition** value)
76	{
77	PedPartition* part;
78	+ int ret;
79
80	/* Flawed logic, doesn't seem to work?!
81	check = ped_disk_next_partition (disk, part);
82	@@ -1045,7 +1062,8 @@ command_line_get_partition (const char* prompt, PedDisk* disk,
83	*/
84	int num = (value) ? (value)->num : 0;
85
86	- if (!command_line_get_integer (prompt, &num)) {
87	+ ret = command_line_get_integer (prompt, &num);
88	+ if ((!ret) \|\| (num < 0)) {
89	ped_exception_throw (PED_EXCEPTION_ERROR,
90	PED_EXCEPTION_CANCEL,
91	_("Expecting a partition number."));
92	--
93	2.20.1
94