[src/trunk]: src/sbin/disklabel CVE 1020935: Prevent overflow

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/206e7e4521cd
branches:  trunk
changeset: 786819:206e7e4521cd
user:      christos <christos%NetBSD.org@localhost>
date:      Mon May 13 17:58:50 2013 +0000

description:
CVE 1020935: Prevent overflow

diffstat:

 sbin/disklabel/main.c |  10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diffs (31 lines):

diff -r 5059ac334d57 -r 206e7e4521cd sbin/disklabel/main.c
--- a/sbin/disklabel/main.c     Mon May 13 17:54:55 2013 +0000
+++ b/sbin/disklabel/main.c     Mon May 13 17:58:50 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.32 2013/05/05 15:59:42 skrll Exp $  */
+/*     $NetBSD: main.c,v 1.33 2013/05/13 17:58:50 christos Exp $       */
 
 /*
  * Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -76,7 +76,7 @@
 static char sccsid[] = "@(#)disklabel.c        8.4 (Berkeley) 5/4/95";
 /* from static char sccsid[] = "@(#)disklabel.c        1.2 (Symmetric) 11/28/85"; */
 #else
-__RCSID("$NetBSD: main.c,v 1.32 2013/05/05 15:59:42 skrll Exp $");
+__RCSID("$NetBSD: main.c,v 1.33 2013/05/13 17:58:50 christos Exp $");
 #endif
 #endif /* not lint */
 
@@ -1835,6 +1835,12 @@
                        errors++;
                        continue;
                }
+               if (part >= __arraycount(lp->d_partitions)) {
+                       warnx("line %d: partition id %s, >= %zu", lineno,
+                           cp, __arraycount(lp->d_partitions));
+                       errors++;
+                       continue;
+               }
                pp = &lp->d_partitions[part];
 
                NXTXNUM(pp->p_size);