Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-143356

[RHEL10.2] libblockdev part_set_part_id should reject invalid partition ID

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-10.2
    • libblockdev
    • None
    • None
    • None
    • rhel-storage-management
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      How reproducible is this bug?:

      Steps to reproduce

      1.  
      2.  
      3.  

      Expected results

      Actual results

       

      self = <test_bd_part_parameter_validation.TestBDPartParameterValidation object at 0x7f1171c50a10>
test_context = <conftest.TestContext object at 0x7f1171c522a0>    def test_part_set_part_id_invalid_params(self, test_context):
        """
        Tests part_set_part_id (MBR) with invalid ID parameters.
        """
        self.context = test_context
        luks_helper = test_context.luks
        device = self.get_and_track_device(test_context)
    
        luks_helper._print(f"INFO: Testing part_set_part_id with invalid parameters")
    
        try:
            # Create MBR partition table and partition
            assert luks_helper.bd.part_create_table(device, luks_helper.bd.PartTableType.MSDOS, True)
            part_spec = luks_helper.bd.part_create_part(
                device, luks_helper.bd.PartType.NORMAL,
                1024*1024, 512*1024*1024, luks_helper.bd.PartAlign.OPTIMAL
            )
            assert part_spec is not None, "Failed to create partition"
    
            # Invalid partition IDs - libblockdev API should validate and reject these
            # MBR partition ID must be 0-255 (0x00-0xFF), string format like "83" or "0x83"
            invalid_ids = [
                ("", "empty string"),
                (None, "None value"),
                ("ZZ", "invalid hex characters"),
                ("invalid", "non-hex string"),
                ("\x00", "null byte"),
                ("83;id", "command injection"),
                ("83`id`", "backtick substitution"),
                ("FF" * 10, "very long hex string"),
                ("G0", "invalid hex (G)"),
                ("-1", "negative value"),
                ("-100", "large negative"),
                ("0x100", "hex overflow (>0xFF)"),
                ("999", "decimal overflow (>255)"),
                ("256", "decimal overflow (=256)"),
            ]
    
            for id_val, description in invalid_ids:
                try:
                    succ = luks_helper.bd.part_set_part_id(device, part_spec.path, id_val)
                    if succ:
>                       assert False, f"Should have rejected invalid partition ID ({description}): {repr(id_val)}"
E                       AssertionError: Should have rejected invalid partition ID (command injection): '83;id'
E                       assert Falsetests/bd/test_bd_part_parameter_validation.py:702: AssertionError

      6.12.0-184.el10.x86_64

      libblockdev-3.4.0-2.el10.x86_64

       

              vtrefny@redhat.com Vojtěch Trefný
              guazhang@redhat.com Guangwu Zhang
              Vojtěch Trefný Vojtěch Trefný
              Guangwu Zhang Guangwu Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: