grub-mkstandalone: out of bound access to tar header magic

Magic size is 6 bytes and we copied 7 bytes in it.

CID: 73587, 73888
Closes bug 43690
This commit is contained in:
Andrei Borzenkov 2014-11-28 20:39:22 +03:00
parent 7c4b6b7bb4
commit 478b567520
2 changed files with 7 additions and 2 deletions

View file

@ -1,3 +1,8 @@
2014-11-28 Andrei Borzenkov <arvidjaar@gmail.com>
* util/grub-mkstandalone.c (add_tar_file): Fix out of bound access
to hd.magic (Coverity CID 73587, 73888, bug 43690).
2014-11-20 Andrei Borzenkov <arvidjaar@gmail.com> 2014-11-20 Andrei Borzenkov <arvidjaar@gmail.com>
* tests/util/grub-fs-tester.in: Consistently print output * tests/util/grub-fs-tester.in: Consistently print output

View file

@ -236,7 +236,7 @@ add_tar_file (const char *from,
set_tar_value (hd.size, optr - tcn, 12); set_tar_value (hd.size, optr - tcn, 12);
set_tar_value (hd.mtime, mtime, 12); set_tar_value (hd.mtime, mtime, 12);
hd.typeflag = 'L'; hd.typeflag = 'L';
memcpy (hd.magic, "ustar ", 7); memcpy (hd.magic, MAGIC, sizeof (hd.magic));
memcpy (hd.uname, "grub", 4); memcpy (hd.uname, "grub", 4);
memcpy (hd.gname, "grub", 4); memcpy (hd.gname, "grub", 4);
@ -266,7 +266,7 @@ add_tar_file (const char *from,
set_tar_value (hd.size, size, 12); set_tar_value (hd.size, size, 12);
set_tar_value (hd.mtime, mtime, 12); set_tar_value (hd.mtime, mtime, 12);
hd.typeflag = '0'; hd.typeflag = '0';
memcpy (hd.magic, "ustar ", 7); memcpy (hd.magic, MAGIC, sizeof (hd.magic));
memcpy (hd.uname, "grub", 4); memcpy (hd.uname, "grub", 4);
memcpy (hd.gname, "grub", 4); memcpy (hd.gname, "grub", 4);