Commit graph

25 commits

Author SHA1 Message Date
David Michael
e576eb0cbc Merge remote-tracking branch 'upstream/master' 2017-01-23 14:02:45 -08:00
Andrei Borzenkov
6c35ce72ba verify: fix memory leak
Found by: Coverity scan.
CID: 96643
2016-01-12 21:52:42 +03:00
Matthew Garrett
297e11980b Allow passing of trusted keys via variables
Add support for adding gpg keys to the trusted database with a new command
called "trust_var". This takes the contents of a variable (in ascii-encoded
hex) and interprets it as a gpg public key.
2016-01-07 15:33:36 -08:00
Michael Zimmermann
ed07b7e128 Add missing initializers to silence suprious warnings. 2015-03-27 14:44:41 +01:00
Vladimir Serbinenko
37ba761b1c commands/verify: Fix sha1 context zeroing-out.
Current code doesn't zero-out context completely. It's a minor issue
really as sha1 init already takes care of initing the context.
2015-01-24 21:27:10 +01:00
Andrei Borzenkov
ebb3d958aa fix memory corruption in pubkey filter over network
grub_pubkey_open closed original file after it was read; it set
io->device to NULL to prevent grub_file_close from trying to close device.
But network device itself is stacked (net -> bufio); and bufio preserved
original netfs file which hold reference to device. grub_file_close(io)
called grub_bufio_close which called grub_file_close for original file.
grub_file_close(netfs-file) now also called grub_device_close which
freed file->device->net. So file structure returned by grub_pubkey_open
now had device->net pointed to freed memory. When later file was closed,
it was attempted to be freed again.

Change grub_pubkey_open to behave like other filters - preserve original
parent file and pass grub_file_close down to parent. In this way only the
original file will close device. We really need to move this logic into
core instead.

Also plug memory leaks in error paths on the way.

Reported-By: Robert Kliewer <robert.kliewer@gmail.com>
Closes: bug #43601
2014-12-05 21:17:08 +03:00
Vladimir Serbinenko
2c2c5c720d * grub-core/commands/verify.c (grub_pubkey_open): Trust procfs. 2014-06-21 20:11:08 +02:00
Vladimir Serbinenko
480c89858e * grub-core/commands/verify.c (grub_pubkey_open): Fix memdisk
check.
2014-06-21 20:10:48 +02:00
David Prévot
496a6b3024 Correct some translatable strings. 2013-12-21 03:03:31 +01:00
Vladimir Serbinenko
bfdfeb2508 Clarify several translatable messages. 2013-12-21 01:41:16 +01:00
Jon McCune
24d5934daa Fix double-free introduced by commit 33d02a42d6
To reproduce the problem, make sure you have a GPG public key available, build and install GRUB:
grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda
Sign all the files in /boot/grub/* and reboot.

'make check' results identical before and after this change.

TESTED: In a QEMU VM using an i386 target.
2013-12-17 07:32:07 -08:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw.
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
7bbb60cfbd * grub-core/commands/verify.c (free_pk): Plug memory leak.
(grub_load_public_key): Likewise.
	(grub_verify_signature_real): Likewise.
	(grub_cmd_verify_signature): Likewise.
2013-11-18 02:40:17 +01:00
Vladimir Serbinenko
4f84ae0ec8 Decrease stack usage in signature verification.
We have only 92K of stack and using over 4K per frame is wasteful

	* grub-core/commands/verify.c (grub_load_public_key): Allocate on heap
	rather than stack.
	(grub_verify_signature_real): Likewise.
2013-11-16 16:34:51 +01:00
Vladimir Serbinenko
1dcb27157d * grub-core/commands/verify.c: Remove variable length arrays.
Load gcry_dsa/gcry_rsa automatically.
2013-11-12 16:07:30 +01:00
Vladimir Serbinenko
1106c3f072 * grub-core/commands/verify.c: Add RSA support. 2013-11-03 18:50:01 +01:00
Vladimir 'phcoder' Serbinenko
0d711431c7 Verify signatures of signatures unless --skip-sig is specified. 2013-10-22 00:24:19 +02:00
Vladimir 'phcoder' Serbinenko
52eab6562d * grub-core/commands/verify.c: Use GRUB_CHAR_BIT. 2013-04-05 10:52:13 +02:00
Vladimir 'phcoder' Serbinenko
1a78d573c7 * grub-core/commands/verify.c: Save verified file to avoid it being
tampered with after verification was done.
2013-04-03 17:32:33 +02:00
Andrey Borzenkov
40f1c0007c * grub-core/commands/verify.c: Fix hash algorithms values for
the first three hashes - they start with 1, not with 0.
2013-04-01 01:43:04 +02:00
Vladimir 'phcoder' Serbinenko
d7a6506e30 * grub-core/commands/verify.c (hashes): Add several hashes
from the spec.
2013-03-20 17:24:39 +01:00
Vladimir 'phcoder' Serbinenko
d2789cf0b8 * grub-core/commands/verify.c (grub_verify_signature): Use unsigned
operations to have intended shifts and not divisions.
2013-03-10 19:39:14 +01:00
Vladimir 'phcoder' Serbinenko
adcc602041 New command list_trusted.
* grub-core/commands/verify.c (grub_cmd_list): New function.
2013-01-13 17:49:05 +01:00
Vladimir 'phcoder' Serbinenko
f8e98fee04 * grub-core/commands/verify.c: Mark messages for translating. 2013-01-12 16:31:17 +01:00
Vladimir 'phcoder' Serbinenko
5e3b8dcbb5 Import gcrypt public-key cryptography and implement signature checking. 2013-01-11 21:32:42 +01:00