From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 From: Hector Marco-Gisbert Date: Wed, 16 Dec 2015 07:57:18 +0300 Subject: [PATCH] Fix security issue when reading username and password This patch fixes two integer underflows at: * grub-core/lib/crypto.c * grub-core/normal/auth.c CVE-2015-8370 Signed-off-by: Hector Marco-Gisbert Signed-off-by: Ismael Ripoll-Ripoll Also-By: Andrey Borzenkov --- grub-core/lib/crypto.c | 3 ++- grub-core/normal/auth.c | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c index 010e550d1..683a8aaa7 100644 --- a/grub-core/lib/crypto.c +++ b/grub-core/lib/crypto.c @@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) if (key == '\b') { - cur_len--; + if (cur_len) + cur_len--; continue; } diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c index c6bd96e28..8615c48c3 100644 --- a/grub-core/normal/auth.c +++ b/grub-core/normal/auth.c @@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) if (key == '\b') { - cur_len--; - grub_printf ("\b"); + if (cur_len) + { + cur_len--; + grub_printf ("\b"); + } continue; }