This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:
X = grub_malloc(arithmetic_expr);
It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.
Among other issues, this fixes:
- allocation of integer overflow in grub_video_bitmap_create()
reported by Chris Coulson,
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in grub_squash_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in grub_ext2_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in read_section_as_string()
reported by Chris Coulson.
Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
When running grub in a VGA console of a KVM pseries guest on PowerPC,
you can see the cursor sweeping over the whole line when entering a
character in editor mode. This is visible because grub always refreshes
the whole line when entering a character in editor mode, and drawing
characters is quite a slow operation with the firmware used for the
powerpc pseries guests (SLOF).
To avoid this ugliness, the cursor should be disabled when refreshing
the screen contents during update_screen().
Signed-off-by: Thomas Huth <thuth@redhat.com>
off new function grub_script_execute_new_scope. Change callers to use
either of them as appropriate.
* grub-core/commands/eval.c: New command eval.
* docs/grub.texi (Commands): Document it.
written bytes.
(grub_get_num_of_utf8_bytes): New function.
(grub_ucs4_to_utf8_alloc): Use grub_get_num_of_utf8_bytes.
* grub-core/normal/menu_entry.c (run): Convert entry to UTF-8 before
executing it.
* include/grub/charset.h (grub_get_num_of_utf8_bytes): New proto.
(grub_ucs4_to_utf8): Change return type.
* grub-core/normal/charset.c (grub_unicode_aglomerate_comb): Don't
agglomerate control characters with combining marks.
(bidi_line_wrap): Allow break on tab.
(grub_unicode_get_comb_start): New function.
* grub-core/normal/menu_entry.c: Restructure to handle wide characters
and tab correctly.
* grub-core/normal/menu_text.c (print_entry): Replace \n, \r, \b and \e
with a space.
* grub-core/normal/term.c (print_ucs4_terminal): New argument
fixed_tab_size. All users updated.
* include/grub/term.h (GRUB_TERM_TAB_WIDTH): New const.
(grub_term_getcharwidth): Handle \t.
* include/grub/unicode.h (grub_unicode_glyph_dup): Fix allocation
and copy.
* grub-core/normal/menu_entry.c (per_term_screen): New member
num_entries.
(print_down): Use num_entries.
(update_screen): Likewise.
(grub_menu_entry_run): Set num_entries.
* grub-core/normal/menu_text.c (menu_viewer_data): New member
num_entries.
(grub_print_message_indented): Move real part to ...
(grub_print_message_indented_real): ... here. Additional argument
dry_run.
(draw_border): Additional argument num_entries.
(print_message): Additional argument dry_run.
(print_entries): Receive menu viewer data.
(grub_menu_init_page): New argment num_entries.
(menu_text_set_chosen_entry): Use num_entries.
(grub_menu_try_text): Likewise.
* grub-core/normal/term.c (print_ucs4_terminal): New argument dry_run.
All users updated.
(grub_ucs4_count_lines): New function.
* include/grub/term.h (grub_term_cursor_x): Moved from here ..
* grub-core/normal/menu_text.c (grub_term_cursor_x): ... to here.
* include/grub/term.h (GRUB_TERM_MESSAGE_HEIGHT): Removed.
(grub_term_border_height): Likewise.
(grub_term_num_entries): Likewise.
warning. (This was in fact always initialised before use, but GCC
wasn't smart enough to prove that.)
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Likewise.
* grub-core/normal/menu.c (grub_menu_execute_entry): New parameter
auto_boot. All users updated.
Declared static.
Handle chosen and default with submenus.
(grub_menu_execute_with_fallback): Declared static.
Don't notify failure if autobooted. Upper level does it.
(menuentry_eq): New function.
(get_entry_number): Use menuentry_eq.
(show_menu): New parameter "autobooted". All users updated.
(grub_show_menu): Likewise.
* include/grub/normal.h (grub_show_menu): Likewise.
* include/grub/menu.h (grub_menu_execute_entry): Removed.
(grub_menu_execute_with_fallback): Likewise.
* grub-core/commands/menuentry.c (grub_normal_add_menu_entry): New
parameter submenu. All users updated.
* grub-core/normal/main.c (free_menu): Rename to ...
(grub_normal_free_menu): ... this. Made global.
* grub-core/normal/menu.c (grub_menu_execute_entry): Open new context
if requested.
* grub-core/normal/menu_entry.c (screen): New field submenu.
(make_screen): Set submenu.
(run): Open new context if requested.
* include/grub/menu.h (grub_menu_entry): New field submenu.
* include/grub/normal.h (grub_normal_free_menu): New proto.
has a chance to see them.
* grub-core/kern/err.c (grub_err_printed_errors): New variable.
(grub_print_error): Increment grub_err_printed_errors.
* grub-core/normal/menu.c (grub_menu_execute_entry): Pause the
execution if any errors were displayed.
(show_menu): Remove old code for pause.
* grub-core/normal/menu_entry.c (run): Likewise.
* grub-core/normal/term.c (grub_normal_char_counter): Removed. All
users updated.
(grub_normal_get_char_counter): Likewise.
* include/grub/err.h (grub_err_printed_errors): New external variable.
* include/grub/normal.h (grub_normal_get_char_counter): Removed.
Peter Jones