From 1b7748eb13380b61dcf240472d23db42cf30e17e Mon Sep 17 00:00:00 2001
From: robertmh <robertmh@localhost>
Date: Sun, 5 Oct 2008 10:51:23 +0000
Subject: [PATCH] 2008-10-05  Hans Lambermont  <hans@lambermont.dyndns.org>

        * disk/lvm.c (grub_lvm_scan_device): Allocate buffer space for the
        circular metadata worst case scenario. If the metadata is circular
        then copy the wrap in place.
        * include/grub/lvm.h: Add GRUB_LVM_MDA_HEADER_SIZE, from the LVM2
        project lib/format_text/layout.h
        Circular metadata bug found and patch debugged by Jan Derk Gerlings.
---
 ChangeLog          |  9 +++++++++
 disk/lvm.c         | 13 ++++++++++++-
 include/grub/lvm.h |  1 +
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 8d74cc1bc..2e75ce8d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2008-10-05  Hans Lambermont  <hans@lambermont.dyndns.org>
+
+	* disk/lvm.c (grub_lvm_scan_device): Allocate buffer space for the
+	circular metadata worst case scenario. If the metadata is circular
+	then copy the wrap in place.
+	* include/grub/lvm.h: Add GRUB_LVM_MDA_HEADER_SIZE, from the LVM2
+	project lib/format_text/layout.h
+	Circular metadata bug found and patch debugged by Jan Derk Gerlings.
+
 2008-10-03  Felix Zielcke  <fzielcke@z-51.de>
 
 	* util/i386/pc/grub-install.in: Source grub-mkconfig_lib instead of update-grub_lib.
diff --git a/disk/lvm.c b/disk/lvm.c
index cd9e44751..a28d339a5 100644
--- a/disk/lvm.c
+++ b/disk/lvm.c
@@ -281,7 +281,8 @@ grub_lvm_scan_device (const char *name)
       goto fail;
     }
 
-  metadatabuf = grub_malloc (mda_size);
+  /* Allocate buffer space for the circular worst-case scenario. */
+  metadatabuf = grub_malloc (2 * mda_size);
   if (! metadatabuf)
     goto fail;
 
@@ -300,6 +301,16 @@ grub_lvm_scan_device (const char *name)
     }
 
   rlocn = mdah->raw_locns;
+  if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) >
+      grub_le_to_cpu64 (mdah->size))
+    {
+      /* Metadata is circular. Copy the wrap in place. */
+      grub_memcpy (metadatabuf + mda_size,
+                   metadatabuf + GRUB_LVM_MDA_HEADER_SIZE,
+                   grub_le_to_cpu64 (rlocn->offset) +
+                   grub_le_to_cpu64 (rlocn->size) -
+                   grub_le_to_cpu64 (mdah->size));
+    }
   p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset);
 
   while (*q != ' ' && q < metadatabuf + mda_size)
diff --git a/include/grub/lvm.h b/include/grub/lvm.h
index 8c07ec449..dd91cc672 100644
--- a/include/grub/lvm.h
+++ b/include/grub/lvm.h
@@ -103,6 +103,7 @@ struct grub_lvm_pv_header {
 
 #define GRUB_LVM_FMTT_MAGIC "\040\114\126\115\062\040\170\133\065\101\045\162\060\116\052\076"
 #define GRUB_LVM_FMTT_VERSION 1
+#define GRUB_LVM_MDA_HEADER_SIZE 512
 
 /* On disk */
 struct grub_lvm_raw_locn {