relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow

Use arithmetic macros from safemath.h to accomplish it. In this commit, I didn't want to be too paranoid to check every possible math equation for overflow/underflow. Only obvious places (with non zero chance of overflow/underflow) were refactored. Signed-off-by: Alexey Makhalov <amakhalov@vmware.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-15 06:42:37 +00:00 · 2020-07-15 06:42:37 +00:00 · caea56d1f8
commit caea56d1f8
parent 781b3e5efc
4 changed files with 31 additions and 10 deletions
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@ -36,6 +36,7 @@
 #include <grub/lib/cmdline.h>
 #include <grub/linux.h>
 #include <grub/machine/kernel.h>
+#include <grub/safemath.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -547,9 +548,13 @@ grub_linux_boot (void)

  {
    grub_relocator_chunk_t ch;
+    grub_size_t sz;
+
+    if (grub_add (ctx.real_size, efi_mmap_size, &sz))
+      return GRUB_ERR_OUT_OF_RANGE;
+
    err = grub_relocator_alloc_chunk_addr (relocator, &ch,
-					   ctx.real_mode_target,
-					   (ctx.real_size + efi_mmap_size));
+					   ctx.real_mode_target, sz);
    if (err)
     return err;
    real_mode_mem = get_virtual_current_address (ch);