Fix security issue when reading username and password

This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
Hector Marco-Gisbert 2015-12-16 07:57:18 +03:00 committed by Andrei Borzenkov
parent ff5726b878
commit 451d80e52d
2 changed files with 7 additions and 3 deletions

@ -470,6 +470,7 @@ grub_password_get (char buf[], unsigned buf_size)
if (key == '\b') if (key == '\b')
{ {
if (cur_len)
cur_len--; cur_len--;
continue; continue;
} }
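Review bot: the new `if (cur_len)` guard in the `'\b'` branch of grub_password_get carries no comment explaining why it is needed. A one-line comment stating that backspace on an empty buffer must not decrement cur_len would keep a later cleanup from dropping the check. This hunk only covers the lower bound, so it is also worth confirming elsewhere in the function that cur_len is compared against buf_size before a character is stored.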

@ -173,9 +173,12 @@ grub_username_get (char buf[], unsigned buf_size)
} }
if (key == '\b') if (key == '\b')
{
if (cur_len)
{ {
cur_len--; cur_len--;
grub_printf ("\b"); grub_printf ("\b");
}
continue; continue;
} }
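Review bot: the `'\b'` branch of grub_username_get repeats the backspace logic of grub_password_get, and the same `if (cur_len)` check had to be added in both places. Consider moving the shared handling into one helper that takes a flag for whether to echo `grub_printf ("\b")`, so a future fix cannot land in only one copy. The braces are right here since the guard has to cover both `cur_len--` and the echo, but the two functions now use different styles for the same check; matching them would make the pair easier to compare.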