From 149f009c3b4ab6bac8059b48142a1c3f698c8e53 Mon Sep 17 00:00:00 2001
From: Wang Dong <dongdwdw@linux.vnet.ibm.com>
Date: Fri, 23 Dec 2016 06:53:36 +0100
Subject: [PATCH] parted: fix crash due to improper partition number input

When the user makes a new partition, if parted fails to add the
partition to disk, it jumps to wrong error label. In this
situation, this new partition actually is not a node in disk
data structure. But in the wrong error label, it pretends this
is a node and removes it as a list node, leading to other
partition in this disk deleted. This might lead to a memory leak.
Because if there are other partitions, it just removes them from
list without releasing the resource. And this also leads to different
disk information between memory and device. This is confusing.

But when the new partition is added to disk successfully and if
any operations followed fail, this partition should be removed from
disk and destroyed.

Signed-off-by: Wang Dong <dongdwdw@linux.vnet.ibm.com>
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
---
 parted/ui.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

Index: parted-3.2/parted/ui.c
===================================================================
--- parted-3.2.orig/parted/ui.c
+++ parted-3.2/parted/ui.c
@@ -29,6 +29,8 @@
 #include <unistd.h>
 #include <setjmp.h>
 #include <assert.h>
+#include <limits.h>
+#include <errno.h>
 
 #include "command.h"
 #include "strlist.h"
@@ -912,16 +914,34 @@ command_line_get_integer (const char* pr
 {
         char     def_str [10];
         char*    input;
-        int      valid;
+        long     ret;
 
         snprintf (def_str, 10, "%d", *value);
         input = command_line_get_word (prompt, *value ? def_str : NULL,
                                        NULL, 1);
         if (!input)
                 return 0;
-        valid = sscanf (input, "%d", value);
+
+        errno = 0;
+
+	if (strstr(input, "0x") == input)
+	        ret = strtol (input, (char**) NULL, 16);
+	else
+	        ret = strtol (input, (char**) NULL, 10);
+        if (errno)
+                goto error;
+
+        if ((ret > INT_MAX) || (ret < INT_MIN))
+                goto error;
+        else
+                *value = (int) ret;
+
         free (input);
-        return valid;
+        return 1;
+
+error:
+        free (input);
+        return 0;
 }
 
 int
@@ -1031,6 +1051,7 @@ command_line_get_partition (const char*
                             PedPartition** value)
 {
         PedPartition*    part;
+        int ret;
 
         /* Flawed logic, doesn't seem to work?!
         check = ped_disk_next_partition (disk, part);
@@ -1047,7 +1068,8 @@ command_line_get_partition (const char*
         */
         int num = (*value) ? (*value)->num : 0;
 
-        if (!command_line_get_integer (prompt, &num)) {
+        ret = command_line_get_integer (prompt, &num);
+        if ((!ret) || (num < 0)) {
                 ped_exception_throw (PED_EXCEPTION_ERROR,
                                      PED_EXCEPTION_CANCEL,
                                      _("Expecting a partition number."));