From 529818738fb2aafb05721830dc99cc6c8736a048 Mon Sep 17 00:00:00 2001 From: Vladimir Serbinenko Date: Tue, 7 Feb 2017 00:47:23 +0100 Subject: [PATCH] xen: Fix parsing of XZ kernel. In case of xz, the uncompressed size is appended to xz data which confuses our xz decompressor. Trim it. --- grub-core/loader/i386/xen_file.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/grub-core/loader/i386/xen_file.c b/grub-core/loader/i386/xen_file.c index 37f9ad8ac..99fad4cad 100644 --- a/grub-core/loader/i386/xen_file.c +++ b/grub-core/loader/i386/xen_file.c @@ -20,12 +20,16 @@ #include #include +#define XZ_MAGIC "\3757zXZ\0" + grub_elf_t grub_xen_file (grub_file_t file) { grub_elf_t elf; struct linux_kernel_header lh; grub_file_t off_file; + grub_uint32_t payload_offset, payload_length; + grub_uint8_t magic[6]; elf = grub_elf_file (file, file->name); if (elf) @@ -46,20 +50,36 @@ grub_xen_file (grub_file_t file) return NULL; } - if (lh.payload_length < 4) + payload_length = lh.payload_length; + payload_offset = (lh.setup_sects + 1) * 512 + + lh.payload_offset; + + if (payload_length < sizeof (magic)) { grub_error (GRUB_ERR_BAD_OS, "payload too short"); return NULL; } grub_dprintf ("xen", "found bzimage payload 0x%llx-0x%llx\n", - (unsigned long long) (lh.setup_sects + 1) * 512 - + lh.payload_offset, + (unsigned long long) payload_offset, (unsigned long long) lh.payload_length); - off_file = grub_file_offset_open (file, (lh.setup_sects + 1) * 512 - + lh.payload_offset, - lh.payload_length); + grub_file_seek (file, payload_offset); + + if (grub_file_read (file, &magic, sizeof (magic)) != sizeof (magic)) + { + if (!grub_errno) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + file->name); + goto fail; + } + + /* Kernel suffixes xz payload with their uncompressed size. + Trim it. */ + if (grub_memcmp (magic, XZ_MAGIC, sizeof (XZ_MAGIC) - 1) == 0) + payload_length -= 4; + off_file = grub_file_offset_open (file, payload_offset, + payload_length); if (!off_file) goto fail;