Peter Jones
3f05d693d1
malloc: Use overflow checking primitives where we do complex allocations
...
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:
X = grub_malloc(arithmetic_expr);
It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.
Among other issues, this fixes:
- allocation of integer overflow in grub_video_bitmap_create()
reported by Chris Coulson,
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in grub_squash_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in grub_ext2_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in read_section_as_string()
reported by Chris Coulson.
Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Vladimir Serbinenko
ca0a4f689a
verifiers: File type for fine-grained signature-verification controlling
...
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.
This is preparatory patch.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Andrei Borzenkov
3900726fa8
fs/zfs/zfscrypt.c: fix indentation.
2015-01-27 21:13:10 +03:00
Andrei Borzenkov
fa13e60527
fs/zfs/zfscrypt.c: fix memory leaks.
...
Found by: Coverity scan.
2015-01-27 21:12:19 +03:00
Vladimir Serbinenko
916733ea6a
fs/zfscrypt: Add missing explicit cast.
...
Found by: Coverity scan.
2015-01-27 16:35:37 +01:00
Vladimir Serbinenko
8b66bb5d8d
* grub-core/fs/zfs/zfscrypt.c (grub_ccm_decrypt): Return right error
...
type.
(grub_gcm_decrypt): Likewise.
(algo_decrypt): Likewise.
(grub_zfs_decrypt_real): Transform error type.
2013-11-07 00:59:44 +01:00
Vladimir 'phcoder' Serbinenko
fb2666b560
Simplify few strings.
2013-05-07 11:44:15 +02:00
Vladimir 'phcoder' Serbinenko
d61386e21d
Improve string. Gettextize.
2012-02-12 15:25:25 +01:00
Vladimir 'phcoder' Serbinenko
2f53a9ed1f
* grub-core/fs/zfs/zfscrypt.c: Add link to documentation.
2012-02-01 18:30:51 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c
* grub-core/commands/acpihalt.c: Gettextized.
...
* grub-core/commands/cacheinfo.c: Likewise.
* grub-core/commands/cmp.c: Likewise.
* grub-core/commands/efi/loadbios.c: Likewise.
* grub-core/commands/gptsync.c: Likewise.
* grub-core/commands/ieee1275/suspend.c: Likewise.
* grub-core/commands/legacycfg.c: Likewise.
* grub-core/commands/memrw.c: Likewise.
* grub-core/commands/minicmd.c: Likewise.
* grub-core/commands/parttool.c: Likewise.
* grub-core/commands/time.c: Likewise.
* grub-core/commands/videoinfo.c: Likewise.
* grub-core/disk/geli.c: Likewise.
* grub-core/disk/i386/pc/biosdisk.c: Likewise.
* grub-core/disk/luks.c: Likewise.
* grub-core/disk/lvm.c: Likewise.
* grub-core/font/font_cmd.c: Likewise.
* grub-core/fs/zfs/zfscrypt.c: Likewise.
* grub-core/fs/zfs/zfsinfo.c: Likewise.
* grub-core/gfxmenu/view.c: Likewise.
* grub-core/kern/emu/hostdisk.c: Likewise.
* grub-core/kern/emu/main.c: Likewise.
* grub-core/kern/emu/misc.c: Likewise.
* grub-core/kern/emu/mm.c: Likewise.
* grub-core/kern/mips/arc/init.c: Likewise.
* grub-core/kern/mips/loongson/init.c: Likewise.
* grub-core/kern/partition.c: Likewise.
* grub-core/lib/i386/halt.c: Likewise.
* grub-core/lib/mips/arc/reboot.c: Likewise.
* grub-core/lib/mips/loongson/reboot.c: Likewise.
* grub-core/loader/i386/pc/chainloader.c: Likewise.
* grub-core/loader/i386/xnu.c: Likewise.
* grub-core/loader/multiboot.c: Likewise.
* grub-core/net/bootp.c: Likewise.
* grub-core/net/net.c: Likewise.
* grub-core/normal/term.c: Likewise.
* grub-core/partmap/bsdlabel.c: Likewise.
* grub-core/parttool/msdospart.c: Likewise.
* grub-core/term/gfxterm.c: Likewise.
* grub-core/term/terminfo.c: Likewise.
* grub-core/video/i386/pc/vbe.c: Likewise.
* util/grub-menulst2cfg.c: Likewise.
* util/grub-mkdevicemap.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-mkrelpath.c: Likewise.
* util/grub-script-check.c: Likewise.
* util/ieee1275/grub-ofpathname.c: Likewise.
* util/resolve.c: Likewise.
2011-11-11 21:44:56 +01:00
Vladimir 'phcoder' Serbinenko
e2d22baf41
* grub-core/fs/zfs/zfscrypt.c (GRUB_MOD_INIT), (GRUB_MOD_FINI):
...
Fix module name.
2011-11-11 17:21:33 +01:00
Vladimir 'phcoder' Serbinenko
3ae17eb83c
Fix potential problem with calling zfs_to_cpu and cpu_to_be in a row.
...
* grub-core/fs/zfs/zfscrypt.c (grub_zfs_decrypt_real): Use explicit
byteswap when needed.
2011-11-08 19:44:18 +01:00
Vladimir 'phcoder' Serbinenko
4a19b6017d
Fix ZFS crypto error types.
...
* grub-core/fs/zfs/zfscrypt.c (grub_ccm_decrypt): Fix return type.
(grub_gcm_decrypt): Likewise.
(grub_zfs_load_key_real): Fix error code type. Handle possible error
from PBKDF2.
2011-11-08 16:07:27 +01:00
Vladimir 'phcoder' Serbinenko
bc1de0bc26
GCM support
2011-11-06 21:05:25 +01:00
Vladimir 'phcoder' Serbinenko
ed746949af
ZFS passphrase support
2011-11-06 16:30:52 +01:00
Vladimir 'phcoder' Serbinenko
f003a8c5e7
Move ZFS crypto to separate module
2011-11-06 15:18:25 +01:00