Commit graph

34 commits

Author SHA1 Message Date
Peter Jones
3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Peter Jones
f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Vladimir Serbinenko
ad4bfeec5c Change fs functions to add fs_ prefix
This avoid conflict with gnulib

Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-09 10:03:29 +10:00
Pali Rohár
435fa75e01 * grub-core/fs/udf.c: Add support for UUID
Use same algorithm as in libblkid from util-linux v2.30.

1. Take first 16 bytes from UTF-8 encoded string of VolumeSetIdentifier
2. If all bytes are hexadecimal digits, convert to lowercase and use as UUID
3. If first 8 bytes are not all hexadecimal digits, convert those 8 bytes
   to their hexadecimal representation, resulting in 16 bytes for UUID
4. Otherwise, compose UUID from two parts:
   1. part: converted first 8 bytes (which are hexadecimal digits) to lowercase
   2. part: encoded following 4 bytes to their hexadecimal representation (16 bytes)

So UUID would always have 16 hexadecimal digits in lowercase variant.

According to UDF specification, first 16 Unicode characters of
VolumeSetIdentifier should be unique value and first 8 should be
hexadecimal characters.

In most cases all 16 characters are hexadecimal, but e.g. MS Windows
format.exe set only first 8 as hexadecimal and remaining as fixed
(non-unique) which violates specification.
2017-08-07 17:51:50 +02:00
Pali Rohár
76188809d5 udf: Fix reading label, lvd.ident is dstring
UDF dstring has stored length in the last byte of buffer. Therefore last
byte is not part of recorded characters. And empty string in dstring is
encoded as empty buffer, including first byte (compression id).
2017-08-07 17:51:50 +02:00
Vladimir Serbinenko
9ee5ae1fae Document intentional fallthroughs.
Found by: Coverity scan.
2015-01-27 17:17:58 +01:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw.
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir 'phcoder' Serbinenko
0927e5bdc8 * grub-core/fs/udf.c: Remove variable length arrays.
Increases udf.mod by 128 bytes (but decreases by 13 compressed when
	compressed).
2013-10-20 16:33:12 +02:00
Vladimir 'phcoder' Serbinenko
5a869940de Split out blocklist retrieving from setup.c to
grub-core/osdep/blocklist.c and add windows implementation since
	generic version doesn't work on NTFS on Windows due to aggressive
	unflushable cache.
2013-10-15 17:02:26 +02:00
Colin Watson
4eb8b75659 Remove nested functions from disk and file read hooks.
* include/grub/disk.h (grub_disk_read_hook_t): New type.
	(struct grub_disk): Add read_hook_data member.
	* include/grub/file.h (struct grub_file): Likewise.
	* include/grub/fshelp.h (grub_fshelp_read_file): Add read_hook_data
	argument.

	Update all callers.
2013-02-27 17:19:15 +01:00
Colin Watson
fc524edf65 Remove nested functions from filesystem directory iterators.
* include/grub/fs.h (grub_fs_dir_hook_t): New type.
(struct grub_fs.dir): Add hook_data argument.

Update all implementations and callers.
2013-01-21 01:33:46 +00:00
Vladimir 'phcoder' Serbinenko
def3df7520 * grub-core/fs/udf.c (read_string): Bail out on size=0.
(grub_udf_read_symlink): Handle read_string failure.
2012-05-13 20:18:33 +02:00
Vladimir 'phcoder' Serbinenko
c1ad82db74 Fix handling of UDF symlinks.
* grub-core/fs/udf.c (read_string): New argument outbuf.
	All users updated.
	(grub_ufs_read_symlink): Rename to ...
	(grub_udf_read_symlink): ... this. All users updated.
	Handle symlinks with more than one component.
2012-05-12 13:54:26 +02:00
Vladimir 'phcoder' Serbinenko
f417ed0432 Fix wrapped HFS+ handling.
* grub-core/fs/fshelp.c (grub_fshelp_read_file): New argument
	blocks_start. All users updated.
	* grub-core/fs/hfsplus.c (grub_hfsplus_read_block): Don't add
	wrapping offset.
	(grub_hfsplus_read_file): Pass embedding offset to fshelp_read_file.
2012-05-09 13:02:59 +02:00
Vladimir 'phcoder' Serbinenko
a3a0eace51 Support 4K sectors UDF inline files.
* grub-core/fs/udf.c (grub_udf_file_entry): Don't specify padding size.
	(grub_udf_extended_file_entry): Likewise.
	(grub_fshelp_node): Name the anonymous union. Put block at the end.
	All users updated.
	(get_fshelp_size): New function.
	(grub_udf_read_icb): Read whole block.
	(grub_udf_iterate_dir): Likewise.
	(grub_udf_dir): Likewise.
	(grub_udf_open): Likewise.
2012-05-03 09:29:20 +02:00
Vladimir 'phcoder' Serbinenko
e1e49678b9 * util/grub-install.in: Clarify strings.
Fix source dir check.
2012-02-27 21:36:58 +01:00
Vladimir 'phcoder' Serbinenko
9b05cad768 * grub-core/fs/udf.c (grub_udf_partmap): Add packed attribute
as it's not necessarily aligned.
2011-12-13 13:58:33 +01:00
Vladimir 'phcoder' Serbinenko
78c2cd1c62 * grub-core/fs/udf.c (read_string): Macroify GRUB_MAX_UTF8_PER_UTF16.
* grub-core/fs/jfs.c (grub_jfs_diropen): Likewise.
	* grub-core/fs/fat.c (grub_fat_iterate_dir): Likewise.
2011-12-13 01:41:16 +01:00
Szymon Janc
cbf597afb1 * grub-core/commands/cmp.c (grub_cmd_cmp): Remove unnecessary NULL
pointer checks before calling grub_free().
	* grub-core/commands/wildcard.c (match_devices): Likewise.
	* grub-core/commands/wildcard.c (match_files): Likewise.
	* grub-core/fs/cpio.c (grub_cpio_dir): Likewise.
	* grub-core/fs/cpio.c (grub_cpio_open): Likewise.
	* grub-core/fs/udf.c (grub_udf_read_block): Likewise.
	* grub-core/fs/xfs.c (grub_xfs_read_block): Likewise.
	* grub-core/loader/efi/chainloader.c (grub_cmd_chainloader): Likewise.
	* grub-core/normal/cmdline.c (grub_cmdline_get): Likewise.
	* grub-core/script/yylex.l (grub_lexer_unput): Likewise.
	* grub-core/video/readers/jpeg.c (grub_video_reader_jpeg): Likewise.
	* grub-core/video/readers/png.c (grub_png_output_byte): Likewise.
2011-06-26 17:17:41 +02:00
Vladimir 'phcoder' Serbinenko
b756f75f07 Several FS mtime support.
* grub-core/fs/affs.c (grub_affs_time): New struct.
	(grub_affs_file): New field mtime.
	(grub_fshelp_node): Changed 'block' and 'parent' to more appropriate
	type. Removed 'size'. New field 'di'. All users updated.
	(grub_affs_mount): Simplify checsum checking.
	(grub_affs_iterate_dir): New helper grub_affs_create_node.
	(grub_affs_dir): Handle mtime.
	* grub-core/fs/cpio.c (grub_cpio_find_file): Handle mtime.
	(grub_cpio_dir): Likewise.
	* grub-core/fs/hfs.c (grub_hfs_dirrec): New fields 'ctime' and 'mtime'.
	(grub_hfs_filerec): New field mtime.
	(grub_hfs_dir): Handle mtime.
	(grub_hfs_mtime): New function.
	(grub_hfs_fs): Register grub_hfs_mtime.
	* grub-core/fs/iso9660.c (grub_iso9660_date2): New struct.
	(grub_iso9660_dir): New field mtime.
	(grub_fshelp_node): New field dirent.
	(iso9660_to_unixtime): New function.
	(iso9660_to_unixtime2): Likewise.
	(grub_iso9660_read_symlink): Use node->dirent.
	(grub_iso9660_iterate_dir): Likewise.
	(grub_iso9660_dir): Set mtime.
	(grub_iso9660_mtime): New function.
	(grub_iso9660_fs): Register grub_iso9660_mtime.
	* grub-core/fs/jfs.c (grub_jfs_time): New struct.
	(grub_jfs_inode): New fields atime, ctime and mtime.
	(grub_jfs_dir): Set mtime.
	* grub-core/fs/minix.c (grub_minix_dir): Likewise.
	* grub-core/fs/ntfs.c (list_file): Set mtime.
	(grub_ntfs_dir): Likewise.
	* grub-core/fs/reiserfs.c (grub_fshelp_node): New field 'mtime'.
	(grub_reiserfs_iterate_dir): Set mtime.
	(grub_reiserfs_dir): Likewise.
	* grub-core/fs/sfs.c (grub_sfs_obj): New field mtime.
	(grub_fshelp_node): Likewise.
	(grub_sfs_iterate_dir): Set mtime.
	(grub_sfs_dir): Likewise.
	* grub-core/fs/udf.c (grub_udf_dir): Set mtime.
	* grub-core/fs/xfs.c (grub_xfs_time): New struct.
	(grub_xfs_inode): New fields atime, mtime, ctime.
	(grub_xfs_dir): Set mtime.
	* include/grub/datetime.h (grub_datetime2unixtime): New function.
	* include/grub/hfs.h (grub_hfs_sblock): New fields ctime and mtime.
	* include/grub/ntfs.h (grub_fshelp_node): New field mtime.

	Support UDF symlinks.

	* grub-core/fs/udf.c (grub_udf_iterate_dir): Handle symlinks.
	(grub_ufs_read_symlink): New function. All users updated.

	Check amiga partmap checksum.

	* grub-core/partmap/amiga.c (grub_amiga_rdsk): Pad to 128 bytes.
	(grub_amiga_partition): Likewise.
	(amiga_partition_map_checksum): New function.
	(amiga_partition_map_iterate): Check checksum.
2011-05-15 12:23:54 +02:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6 Implement automatic module license checking according to new GNU
guidelines.

	* grub-core/kern/dl.c (grub_dl_check_license): New function.
	(grub_dl_load_core): Use grub_dl_check_license.
	* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
	(GRUB_MOD_LICENSE): Likewise.
	(GRUB_MOD_DUAL_LICENSE): Likewise.
	All modules updated.
2011-04-11 23:01:51 +02:00
Vladimir 'phcoder' Serbinenko
2f70097d3e merge mainline into filesys branch 2010-12-31 15:02:07 +01:00
Colin Watson
b889cfadf9 * grub-core/fs/udf.c (read_string): Pacify GCC warning by
initialising utf16.
2010-12-21 13:00:10 +00:00
Vladimir 'phcoder' Serbinenko
052677ba71 merge mainline into filesys 2010-12-19 00:54:05 +01:00
Vladimir 'phcoder' Serbinenko
7059d1ec14 Fix handling of UTF-16 UDF labels.
* grub-core/fs/udf.c (grub_udf_iterate_dir): Move string-parsing part
	(read_string): .. here.
	(grub_udf_label): Use read_string.
2010-12-19 00:43:41 +01:00
Vladimir 'phcoder' Serbinenko
e6533ae154 Fix handling of UTF-16 UDF labels.
* grub-core/fs/udf.c (grub_udf_iterate_dir): Move string-parsing part
	(read_string): .. here.
	(grub_udf_label): Use read_string.
2010-12-19 00:43:41 +01:00
Vladimir 'phcoder' Serbinenko
591baceb34 UDF symlink support 2010-12-11 06:04:21 +01:00
Vladimir 'phcoder' Serbinenko
f8e2e451e6 handle UTF16 UDF label 2010-12-10 18:34:46 +01:00
Vladimir 'phcoder' Serbinenko
f22c12e852 mtime for UDF support 2010-12-10 17:37:32 +01:00
Giuseppe Caizzone
69c4feebb1 Add generic logical block size support for UDF.
* grub-core/fs/udf.c (GRUB_UDF_LOG2_BLKSIZE): Removed.
	(GRUB_UDF_BLKSZ): Removed.
	(struct grub_udf_data): New field "lbshift" to hold the logical	block
	size of the file system in log2 format. All users updated.
	(sblocklist): Change type to unsigned.
	(grub_udf_mount): Change type of "sblklist" to unsigned.
	Move AVDP search before VRS recognition, because the latter requires
	knowledge of the logical block size, which is detected during the
	former.
	Detect and validate logical block size during AVDP search, adding
	support for block sizes 512, 1024 and 4096.
	Make VRS recognition independent of block size.
2010-11-14 17:03:49 +01:00
Giuseppe Caizzone
e53609331b Add generic logical block size support for UDF.
* grub-core/fs/udf.c (GRUB_UDF_LOG2_BLKSIZE): Removed.
	(GRUB_UDF_BLKSZ): Removed.
	(struct grub_udf_data): New field "lbshift" to hold the logical	block
	size of the file system in log2 format. All users updated.
	(sblocklist): Change type to unsigned.
	(grub_udf_mount): Change type of "sblklist" to unsigned.
	Move AVDP search before VRS recognition, because the latter requires
	knowledge of the logical block size, which is detected during the
	former.
	Detect and validate logical block size during AVDP search, adding
	support for block sizes 512, 1024 and 4096.
	Make VRS recognition independent of block size.
2010-11-14 16:58:50 +01:00
Giuseppe Caizzone
cb0229c587 Properly handle deleted files on UDF.
* grub-core/fs/udf.c (grub_udf_iterate_dir): Skip directory entries
	whose "characteristics" field has the bit GRUB_UDF_FID_CHAR_DELETED
	set.
2010-11-14 16:51:45 +01:00
Giuseppe Caizzone
406858a8a9 Support reading files larger than 2 GiB.
* grub-core/fs/udf.c (grub_udf_iterate_dir): Change type of variable
	"offset" to grub_off_t.
	(grub_udf_read_file): Likewise for parameter "pos".
2010-11-14 16:48:17 +01:00
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30
Renamed from fs/udf.c (Browse further)