19 Commits

Author SHA1 Message Date
Peter Jones 3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Andrei Borzenkov 2fb8cd26a9 script: fix double free in lexer
yylex_destroy() already frees scanner.

Found by: Coverity scan.
CID: 176636
2017-02-12 09:23:34 +03:00
Vladimir Serbinenko 66ce4d1aef grub_script_lexer_yywrap: Update len synchronously with line. 2015-01-21 17:38:01 +01:00
Vladimir 'phcoder' Serbinenko 4542e71b8b * grub-core/script/lexer.c (grub_script_lexer_init): Rename getline
argument to prevent name collision.
2013-01-16 09:06:11 +01:00
Colin Watson 09fd6d8293 Remove nested functions from script reading and parsing.
* grub-core/kern/parser.c (grub_parser_split_cmdline): Add
getline_data argument, passed to getline.
* grub-core/kern/rescue_parser.c (grub_rescue_parse_line): Add
getline_data argument, passed to grub_parser_split_cmdline.
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Pass
lexerstate->getline_data to lexerstate->getline.
(grub_script_lexer_init): Add getline_data argument, saved in
lexerstate->getline_data.
* grub-core/script/main.c (grub_normal_parse_line): Add getline_data
argument, passed to grub_script_parse.
* grub-core/script/script.c (grub_script_parse): Add getline_data
argument, passed to grub_script_lexer_init.
* include/grub/parser.h (grub_parser_split_cmdline): Update
prototype.  Update all callers to pass appropriate getline data.
(struct grub_parser.parse_line): Likewise.
(grub_rescue_parse_line): Likewise.
* include/grub/reader.h (grub_reader_getline_t): Add void *
argument.
* include/grub/script_sh.h (struct grub_lexer_param): Add
getline_data member.
(grub_script_parse): Update prototype.  Update all callers to pass
appropriate getline data.
(grub_script_lexer_init): Likewise.
(grub_normal_parse_line): Likewise.

* grub-core/commands/legacycfg.c (legacy_file_getline): Add unused
data argument.
* grub-core/kern/parser.c (grub_parser_execute: getline): Make
static instead of nested.  Rename to ...
(grub_parser_execute_getline): ... this.
* grub-core/kern/rescue_reader.c (grub_rescue_read_line): Add unused
data argument.
* grub-core/normal/main.c (read_config_file: getline): Make static
instead of nested.  Rename to ...
(read_config_file_getline): ... this.
(grub_normal_read_line): Add unused data argument.
* grub-core/script/execute.c (grub_script_execute_sourcecode:
getline): Make static instead of nested.  Rename to ...
(grub_script_execute_sourcecode_getline): ... this.
* util/grub-script-check.c (main: get_config_line): Make static
instead of nested.
2013-01-15 12:03:25 +00:00
Vladimir 'phcoder' Serbinenko d9a62292e3 * grub-core/script/execute.c (grub_script_break): Clarify logic.
Better error handling.
(grub_script_return): Likewise.
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Likewise.
2012-02-12 21:33:48 +01:00
Vladimir 'phcoder' Serbinenko 4f96abd198 * grub-core/script/lexer.c (grub_script_lexer_init): Rename getline
to arg_getline to avoid shadowing.
2012-02-10 12:25:27 +01:00
Vladimir 'phcoder' Serbinenko 4a9f8346c9 * grub-core/commands/ls.c: Gettextize.
* grub-core/commands/setpci.c: Likewise.
* grub-core/commands/videotest.c: Likewise.
* grub-core/disk/geli.c: Likewise.
* grub-core/kern/mm.c: Likewise.
* grub-core/lib/relocator.c: Likewise.
* grub-core/loader/efi/appleloader.c: Likewise.
* grub-core/loader/i386/xnu.c: Likewise.
* grub-core/loader/ia64/efi/linux.c: Likewise.
* grub-core/loader/xnu.c: Likewise.
* grub-core/net/dns.c: Likewise.
* grub-core/net/net.c: Likewise.
* grub-core/script/lexer.c: Likewise.
* grub-core/script/parser.y: Likewise.
* grub-core/script/yylex.l: Likewise.
* util/getroot.c: Likewise.
* util/grub-setup.c: Likewise.
2012-02-03 11:56:49 +01:00
Vladimir 'phcoder' Serbinenko 9c2710789f Eliminate grub_min/grub_max prone to overflow usage.
* grub-core/bus/usb/usbhub.c (grub_usb_add_hub): Eliminate grub_min.
(poll_nonroot_hub): Likewise.
* grub-core/fs/affs.c (grub_affs_iterate_dir): Likewise.
(grub_affs_label): Likewise.
* grub-core/fs/btrfs.c (grub_btrfs_lzo_decompress): Likewise.
* grub-core/fs/hfs.c (grub_hfs_dir): Likewise.
(grub_hfs_label): Likewise.
* grub-core/fs/hfsplus.c (grub_hfsplus_cmp_catkey): Likewise.
* grub-core/fs/zfs/zfs.c (MIN): Remove.
(zap_leaf_array_equal): Use grub_size. Remove MIN.
(zap_leaf_array_get): Likewise.
(dnode_get_path): Likewise.
* grub-core/io/lzopio.c (grub_lzopio_read): Eliminate grub_min.
* grub-core/io/xzio.c (grub_xzio_read): Likewise.
* grub-core/script/execute.c (grub_script_break): Likewise.
* grub-core/script/lexer.c (grub_script_lexer_record): Eliminate
grub_max.
* grub-core/script/yylex.l (grub_lexer_yyrealloc): Likewise.
* include/grub/misc.h (grub_min): Removed.
(grub_max): Likewise.
2012-01-14 15:44:34 +01:00
Vladimir 'phcoder' Serbinenko 124df5f6ca Fine-grainedly disable warnings on lexer. Remove Wno-error on it.
* grub-core/Makefile.core.def (normal): Remove -Wno-error.
* grub-core/script/lexer.c: Declare yytext_ptr to avoid having
yylex_strncpy.
* grub-core/script/yylex.l: Add fine-grained #pragma.
2011-10-23 23:32:06 +02:00
Colin Watson 05d2ed3277 * grub-core/normal/menu_entry.c (run): Quieten uninitialised
warning.  (This was in fact always initialised before use, but GCC
wasn't smart enough to prove that.)
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Likewise.
2011-04-01 11:43:51 +01:00
Yves Blusseau 1d12cf2947 * grub-core/lib/LzFind.c: Add missing include.
* grub-core/lib/LzmaEnc.c: Likewise.
* grub-core/script/lexer.c: Likewise.
* grub-core/script/yylex.l: Likewise.
* util/grub-macho2img.c: Likewise.
* util/grub-menulst2cfg.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-mkpasswd-pbkdf2.c
* util/grub-mkrelpath.c: Likewise.
* util/resolve.c: Likewise.
2010-09-24 09:19:57 +02:00
BVK Chaitanya 227cab7c79 merge with mainline 2010-09-04 10:56:23 +05:30
BVK Chaitanya e5a73c4247 merge with mainline 2010-09-04 09:05:21 +05:30
BVK Chaitanya adcf5a8e30 merge with mainline 2010-09-04 08:33:42 +05:30
Vladimir 'phcoder' Serbinenko 3c7079670d * grub-core/script/lexer.c (grub_script_lexer_init): Don't look before
the beginning of the string
2010-08-28 15:35:43 +02:00
BVK Chaitanya b899201c69 merge with mainline 2010-08-26 11:45:29 +05:30
BVK Chaitanya 928bad4708 merge with mainline 2010-08-26 09:30:11 +05:30
BVK Chaitanya 8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30