Commit graph

9109 commits

Author SHA1 Message Date
Vladimir Serbinenko
69aee43fa6 * grub-core/kern/efi/mm.c (grub_efi_get_memory_map): Never return a
descriptor_size==0 to avoid potential divisions by zero.
2015-01-21 17:42:15 +01:00
Vladimir Serbinenko
ac8bac2496 haiku/getroot.c (grub_util_find_partition_start_os): Avoid division by zero. 2015-01-21 17:42:15 +01:00
Vladimir Serbinenko
4e0a25a4c0 rtc_get_time_ms.c (grub_rtc_get_time_ms): Avoid division by zero. 2015-01-21 17:42:14 +01:00
Vladimir Serbinenko
b666e01b9c * grub-core/loader/i386/xnu.c (guessfsb): Avoid division by 0. 2015-01-21 17:42:14 +01:00
Vladimir Serbinenko
2e62352bc2 * grub-core/kern/i386/tsc.c (calibrate_tsc): Ensure that
no division by 0 occurs.
2015-01-21 17:42:14 +01:00
Vladimir Serbinenko
e360b5d176 * include/grub/misc.h (grub_div_roundup): Remove as it's unused. 2015-01-21 17:42:14 +01:00
Vladimir Serbinenko
c453760c71 * grub-core/term/gfxterm.c: Avoid division by zero. 2015-01-21 17:42:13 +01:00
Vladimir Serbinenko
e95685dab1 Avoid division by zero in serial. 2015-01-21 17:42:13 +01:00
Vladimir Serbinenko
4816dcac19 * grub-core/video/readers/jpeg.c: Avoid division by zero. 2015-01-21 17:42:13 +01:00
Vladimir Serbinenko
750f4bacd3 * grub-core/disk/diskfilter.c: Validate volumes to avoid division by zero. 2015-01-21 17:42:13 +01:00
Vladimir Serbinenko
1b6aaddc45 term.h: Avoid returining 0-sized terminal as it may lead to division by zero. 2015-01-21 17:42:13 +01:00
Vladimir Serbinenko
475bffeae6 * grub-core/fs/zfs.c: Avoid divisions by zero. 2015-01-21 17:42:12 +01:00
Vladimir Serbinenko
9deb46e363 * grub-core/fs/btrfs.c: Avoid divisions by zero. 2015-01-21 17:42:12 +01:00
Vladimir Serbinenko
065ed900d4 grub-core/lib/pbkdf2.c (grub_crypto_pbkdf2): Check that hash len is not 0. 2015-01-21 17:42:12 +01:00
Vladimir Serbinenko
111ab3b9cc osdep/linux/blocklist.c (grub_install_get_blocklist): Check blocksize validity. 2015-01-21 17:42:12 +01:00
Vladimir Serbinenko
4200ad44fe * grub-core/disk/i386/pc/biosdisk.c: Check disk size sanity. 2015-01-21 17:42:12 +01:00
Vladimir Serbinenko
f1959b1695 * grub-core/disk/ieee1275/nand.c (grub_nand_open): Check block size
validity.
2015-01-21 17:42:11 +01:00
Vladimir Serbinenko
935863518f grub_dmraid_nv_detect: Do not divide by zero. 2015-01-21 17:42:11 +01:00
Vladimir Serbinenko
98f74998d5 * grub-core/fs/hfs.c (grub_hfs_mount): Additional filesystem sanity checks. 2015-01-21 17:42:11 +01:00
Vladimir Serbinenko
5ed3a5d049 * grub-core/fs/minix.c: Additional filesystem sanity checks. 2015-01-21 17:42:11 +01:00
Vladimir Serbinenko
47cd2645dd * grub-core/fs/ext2.c (grub_ext2_mount): Additional checks for superblock validity. 2015-01-21 17:42:11 +01:00
Vladimir Serbinenko
245e21b2b5 grub_ufs_mount: Check that sblock.ino_per_group is not 0. 2015-01-21 17:42:11 +01:00
Vladimir Serbinenko
9201cd79a3 Reject NILFS2 superblocks with over 1GiB blocks.
* grub-core/fs/nilfs2.c (grub_nilfs2_valid_sb): Check that
	block size is <= 1GiB.
2015-01-21 17:42:10 +01:00
Vladimir Serbinenko
f27ccb584c grub_ata_setaddress: Check that geometry is sane when using CHS addressing. 2015-01-21 17:42:10 +01:00
Vladimir Serbinenko
1dfe3f973e * grub-core/disk/AFSplitter.c (AF_merge): Check that mdlen is not 0. 2015-01-21 17:42:10 +01:00
Vladimir Serbinenko
44461d5af2 grub_cmd_play: Avoid division by zero. 2015-01-21 17:42:10 +01:00
Vladimir Serbinenko
30e177a05b grub-core/fs/minix.c (grub_minix_read_file): Avoid reading past the end of file. 2015-01-21 17:42:06 +01:00
Vladimir Serbinenko
af435524cd grub_fshelp_read_file: Don't attempt to read past the end of file. 2015-01-21 17:38:04 +01:00
Vladimir Serbinenko
66ce4d1aef grub_script_lexer_yywrap: Update len synchronously with line. 2015-01-21 17:38:01 +01:00
Vladimir Serbinenko
59d4036594 Replace explicit sizeof divisions by ARRAY_SIZE. 2015-01-21 17:37:31 +01:00
Kris Moore
ba3031f996 Support GELI v6 and v7 2015-01-19 21:56:41 +03:00
Andrei Borzenkov
bac5d1a64a Fix serial --rtscts option processing 2014-12-09 21:56:39 +03:00
David Kozub
17328db3b3 grub-core/kern/arm/misc.S: fix unaligned grub_uint64_t local variable
The unaligned local in __aeabi_uidivmod leads to a store to a 64bit
value at an address that is not divisible by 8 (in grub_divmod64).
The compiler most likely generates a STRD instruction to store it and
this causes an exception.

Fixes Savannah bug #43632.

This includes improvements done by Leif Lindholm.
2014-12-07 20:16:29 +03:00
Peter Nelson
58f66137a3 * grub-core/fs/ext2.c (grub_ext2_read_block): Support large sparse chunks. 2014-12-07 17:57:49 +01:00
Andrei Borzenkov
cdae5bf208 Avoid use of non-portable echo -n in grub-mkconfig
util/grub-mkconfig_lib.in(version_test_gt): "echo -n" is not really needed,
final newline is stripped by command substitution.

util/grub.d/10_kfreebsd.in, util/grub.d/10_linux.in,
util/grub.d/20_linux_xen.in: change how list is built, to avoid echo -n
completely.

util/grub.d/30_os-prober.in: add spaces to printed line directly

Closes 43668.
2014-12-07 14:56:17 +03:00
Curtis Larsen
06eadf5ebf fix double free in grub_net_recv_tcp_packet
Using the http module to download config files, produces memory errors,
after the config file is downloaded.

The error was traced to the tcp stack in grub-core/net/tcp.c. The wrong
netbuff pointer was being freed in the clean up loop.

Changing the code to free the correct netbuff pointer removes the runtime
error.

Closes 42765.
2014-12-07 11:28:57 +03:00
Andrei Borzenkov
ebb3d958aa fix memory corruption in pubkey filter over network
grub_pubkey_open closed original file after it was read; it set
io->device to NULL to prevent grub_file_close from trying to close device.
But network device itself is stacked (net -> bufio); and bufio preserved
original netfs file which hold reference to device. grub_file_close(io)
called grub_bufio_close which called grub_file_close for original file.
grub_file_close(netfs-file) now also called grub_device_close which
freed file->device->net. So file structure returned by grub_pubkey_open
now had device->net pointed to freed memory. When later file was closed,
it was attempted to be freed again.

Change grub_pubkey_open to behave like other filters - preserve original
parent file and pass grub_file_close down to parent. In this way only the
original file will close device. We really need to move this logic into
core instead.

Also plug memory leaks in error paths on the way.

Reported-By: Robert Kliewer <robert.kliewer@gmail.com>
Closes: bug #43601
2014-12-05 21:17:08 +03:00
Andrei Borzenkov
272e0466da add file filters tests
Tests file access with all filters enabled. It does it both for local
and network access, due to regression in signature checking over network.

This includes all files in distribution to not depend on existence
of compression tools and gpg. Test preloads all required modules to
avoid having to provide signatures for them.

Still not implemented is file offset filter (is not available in grub
script, needs extra module)
2014-12-05 21:04:06 +03:00
Andrei Borzenkov
4b94e3227b grub-shell: support --files also for net boot
This allows running tests that require extra files using netboot as well.
2014-12-05 19:55:59 +03:00
Andrei Borzenkov
3173c7501c grub-core/loader/i386/xen_fileXX.c: memory leak in grub_xen_get_infoXX
CID: 73645, 73782
2014-12-01 21:23:54 +03:00
Andrei Borzenkov
03d79a878b grub-core/fs/zfs/zfsinfo.c: memory leak in print_vdev_info
CID: 73635
2014-12-01 20:54:12 +03:00
Andrei Borzenkov
dbbac5a04c grub-core/lib/syslinux_parse.c: do not free array
say->msg is inline array in a structure and should not be freed.
CID: 73610
2014-11-30 18:49:14 +03:00
Andrei Borzenkov
343dad410e grub-core/disk/lzopio.c: fix double free in error path
CID: 73665
2014-11-28 22:37:00 +03:00
Andrei Borzenkov
f07784e890 Fix ChangeLog 2014-11-28 22:35:01 +03:00
Andrei Borzenkov
bbbcb791ed grub-core/disk/geli.c: fix memory leaks in error paths
CID: 73813, 73710
2014-11-28 22:23:30 +03:00
Andrei Borzenkov
740c08ed2f Use ssize_t for grub_util_fd_read result
Fixes commit 0415dbe28f.
2014-11-28 21:43:07 +03:00
Andrei Borzenkov
ea44693fc8 grub-core/disk/luks.c: fix use after free and memory leaks
configure_ciphers:

- several memory leaks where allocated ciphers were not freed. CID: 73813,
73710

- use after free. It is probably quite innocent as grub is single threaded,
but could potentially be a problem with memory allocator debugger turned on.
CID: 73730

luks_recover_key:

- memory leak. CID: 73854
2014-11-28 21:12:00 +03:00
Andrei Borzenkov
0415dbe28f grub-install-common: avoid out of bound access when read failed
Check that modinfo.sh could be read successfully; abort on error. Avoids
potential out-of-bound array access.

CID: 73819
2014-11-28 20:45:27 +03:00
Andrei Borzenkov
478b567520 grub-mkstandalone: out of bound access to tar header magic
Magic size is 6 bytes and we copied 7 bytes in it.

CID: 73587, 73888
Closes bug 43690
2014-11-28 20:39:22 +03:00
Michael Chang
7c4b6b7bb4 send router solicitation for ipv6 address autoconf v2
Many routers have long router advertisment interval configured by
default. The Neighbor Discovery protocol (RFC4861) has defined default
MaxRtrAdvInterval value as 600 seconds and
MinRtrAdvInterval as 0.33*MaxRtrAdvInterval. This makes
net_ipv6_autoconf fails more often than not as currently it passively
listens the RA message to perfom address autoconfiguration.

This patch tries to send router solicitation to overcome the problem of
long RA interval.

v2:
use cpu_to_be macro for network byte order conversion
add missing error handling
2014-11-28 20:21:34 +03:00