Peter Jones
3f05d693d1
malloc: Use overflow checking primitives where we do complex allocations
...
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:
X = grub_malloc(arithmetic_expr);
It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.
Among other issues, this fixes:
- allocation of integer overflow in grub_video_bitmap_create()
reported by Chris Coulson,
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in grub_squash_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in grub_ext2_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in read_section_as_string()
reported by Chris Coulson.
Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Peter Jones
f725fa7cb2
calloc: Use calloc() at most places
...
This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
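The pattern the two commit messages above describe (doing the size arithmetic ahead of time and testing for overflow, and replacing `malloc(Y * Z)` with `calloc(Y, Z)`), as an added example that is not code from the GRUB commits. It assumes the GCC/Clang overflow builtins and libc `calloc()` as stand-ins for `grub_add()`/`grub_mul()` and GRUB's allocator; `struct img_hdr`, the sample values and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Header fields as an untrusted image file would supply them (constructed). */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

static const struct img_hdr SAMPLE_OK   = { 640, 480, 4 };
static const struct img_hdr SAMPLE_WRAP = { 0x10001, 0x10000, 4 };

/* Pattern being replaced: 32-bit arithmetic wraps silently, so the size
   handed to the allocator can be far smaller than the data written later. */
static uint32_t unchecked_size(const struct img_hdr *h)
{
  return h->width * h->height * h->bytes_per_pixel;
}

/* Arithmetic done ahead of time, each step tested for overflow.
   Returns 0 and stores the size on success, -1 on overflow. */
static int checked_size(const struct img_hdr *h, uint32_t *out)
{
  uint32_t px;
  if (__builtin_mul_overflow(h->width, h->height, &px))
    return -1;
  if (__builtin_mul_overflow(px, h->bytes_per_pixel, out))
    return -1;
  return 0;
}

/* Y * Z allocation: the pixel count is checked first, then count and element
   size go to calloc() separately instead of being multiplied at the call. */
static void *alloc_pixels(const struct img_hdr *h)
{
  uint32_t px;
  if (__builtin_mul_overflow(h->width, h->height, &px) || px == 0)
    return NULL;
  return calloc(px, h->bytes_per_pixel);
}

int main(void)
{
  uint32_t sz = 0;
  printf("unchecked size: %u\n", (unsigned) unchecked_size(&SAMPLE_WRAP));
  printf("checked result: %d\n", checked_size(&SAMPLE_WRAP, &sz));
  printf("alloc refused:  %d\n", alloc_pixels(&SAMPLE_WRAP) == NULL);
  return 0;
}
```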
Pete Batard
bdd89d239c
core: use GRUB_TERM_ definitions when handling term characters
...
* Also use hex value for GRUB_TERM_ESC as '\e' is not in the C standard and is not understood by some compilers
2017-08-07 19:28:22 +02:00
Andrei Borzenkov
2a3ebf9428
normal: fix memory leak
...
Found by: Coverity scan.
CID: 96685
2015-06-20 23:38:18 +03:00
Vladimir Serbinenko
35d4761ce2
* grub-core/normal/cmdline.c (grub_cmdline_get): Plug memory leak.
2013-11-18 02:43:29 +01:00
Vladimir Serbinenko
a67c755ef1
* grub-core/normal/cmdline.c (grub_cmdline_get):
...
Remove nested functions.
2013-11-07 02:42:38 +01:00
Vladimir Serbinenko
0a7e52b2ed
* grub-core/normal/cmdline.c (grub_history_get): Make argument into
...
unsigned.
(grub_history_replace): Likewise.
2013-10-25 22:58:19 +02:00
Vladimir 'phcoder' Serbinenko
e89c2d48a9
Lift 255x255 terminal size restriction to 65535x65535. Also change from
...
bitmasks to small structures of size chosen to fit in registers.
2013-10-19 23:59:32 +02:00
Josh Triplett
e40b459617
* grub-core/normal/cmdline.c (grub_cmdline_get): Fix Ctrl-u
...
handling to copy the killed characters to the kill buffer as
UCS4 stored as grub_uint32_t rather than as 8-bit characters
stored as char. Eliminates UCS4 truncation and corruption
observed when killing characters with Ctrl-u and yanking them
back with Ctrl-y.
2013-05-31 00:59:02 +02:00
Vladimir 'phcoder' Serbinenko
c8d6cc3cf0
* grub-core/normal/cmdline.c (grub_cmdline_get): Fix off-by-one error
...
to avoid losing last column.
2013-05-14 08:54:18 +02:00
Vladimir 'phcoder' Serbinenko
d162588970
* grub-core/normal/cmdline.c (print_completion): New field
...
prompt_len.
(grub_cmdline_get): Handle width properly.
2012-04-01 21:25:17 +02:00
Vladimir 'phcoder' Serbinenko
9fdb2d7b11
Fix handling of leading spaces in scripts.
...
* grub-core/normal/cmdline.c (grub_cmdline_get): Don't strip leading
spaces.
* grub-core/normal/main.c (grub_file_getline): Remove all preprocessing
other than skipping \r. All users updated.
* tests/grub_script_echo1.in: Add space-related tests.
* util/grub-menulst2cfg.c (main): Remove useless space skipping.
2012-03-11 14:43:18 +01:00
Vladimir 'phcoder' Serbinenko
ef292a8775
* grub-core/net/http.c: Add TRANSLATORS comments.
...
* grub-core/normal/cmdline.c: Likewise.
* grub-core/normal/misc.c: Likewise.
* grub-core/partmap/msdos.c: Likewise.
* grub-core/parttool/msdospart.c: Likewise.
* grub-core/script/execute.c: Likewise.
* grub-core/script/main.c: Likewise.
* grub-core/term/terminfo.c: Likewise.
* grub-core/video/bitmap.c: Likewise.
* util/grub-install.in: Likewise.
* util/grub-mkimage.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-setup.c: Likewise.
2012-03-05 16:42:26 +01:00
Vladimir 'phcoder' Serbinenko
4e27343fb0
* conf/Makefile.common (CFLAGS_GNULIB): Add
...
-Wno-unsafe-loop-optimizations.
* configure.ac: Remove -Wmissing-declarations and -Wmissing-prototypes
on tools.
* grub-core/commands/legacycfg.c: Add pragma to skip
-Wunsafe-loop-optimizations.
(check_password_md5_real): Fix loop counter type.
* grub-core/commands/testload.c (grub_cmd_testload): Fix over the EOF
reading.
* grub-core/disk/ldm.c (grub_util_get_ldm): Fix logic error.
* grub-core/fs/zfs/zfs_sha256.c (zio_checksum_SHA256): Add safety
loop condition.
* grub-core/io/gzio.c: Add pragma to skip -Wunsafe-loop-optimizations.
* grub-core/lib/LzmaEnc.c (GetOptimum): Avoid possible infinite loop.
* grub-core/net/net.c (grub_net_route_address): Add safety loop
condition.
* grub-core/normal/charset.c (bidi_line_wrap): Likewise.
* grub-core/normal/cmdline.c (grub_set_history): Fix loop types and
avoid possible infinite loops.
* grub-core/script/parser.y: Add pragma to skip -Wmissing-declarations
and -Wunsafe-loop-optimizations.
* grub-core/script/yylex.l: Likewise.
* util/grub-mkfont.c: Add pragma to skip -Wunsafe-loop-optimizations.
(print_glyphs): Avoid infinite loops.
* util/grub-mkimage.c (compress_kernel_xz): Fix format security.
2012-02-24 12:30:32 +01:00
Vladimir 'phcoder' Serbinenko
a9e9dc7c5e
* grub-core/normal/cmdline.c (grub_cmdline_get): Don't gettext prompt.
...
* grub-core/normal/main.c (grub_normal_read_line_real): Gettext
prompt here.
2012-02-12 19:24:23 +01:00
Szymon Janc
cbf597afb1
* grub-core/commands/cmp.c (grub_cmd_cmp): Remove unnecessary NULL
...
pointer checks before calling grub_free().
* grub-core/commands/wildcard.c (match_devices): Likewise.
* grub-core/commands/wildcard.c (match_files): Likewise.
* grub-core/fs/cpio.c (grub_cpio_dir): Likewise.
* grub-core/fs/cpio.c (grub_cpio_open): Likewise.
* grub-core/fs/udf.c (grub_udf_read_block): Likewise.
* grub-core/fs/xfs.c (grub_xfs_read_block): Likewise.
* grub-core/loader/efi/chainloader.c (grub_cmd_chainloader): Likewise.
* grub-core/normal/cmdline.c (grub_cmdline_get): Likewise.
* grub-core/script/yylex.l (grub_lexer_unput): Likewise.
* grub-core/video/readers/jpeg.c (grub_video_reader_jpeg): Likewise.
* grub-core/video/readers/png.c (grub_png_output_byte): Likewise.
2011-06-26 17:17:41 +02:00
Vladimir 'phcoder' Serbinenko
d1611f0163
* grub-core/efiemu/i386/pc/cfgtables.c
...
(grub_machine_efiemu_init_tables): Make declaration a prototype.
* grub-core/loader/xnu.c (grub_xnu_lock): Likewise.
(grub_xnu_unlock): Likewise.
* grub-core/normal/cmdline.c (grub_cmdline_get/cl_set_pos_all): Likewise.
2011-03-23 12:08:33 +01:00
Vladimir 'phcoder' Serbinenko
5aaf2c18bd
Merge mainline into keylayouts
2010-08-31 14:03:29 +02:00
Vladimir 'phcoder' Serbinenko
9e0fa3f606
* grub-core/normal/cmdline.c (grub_cmdline_get): Free cl_terms on
...
return.
2010-08-28 15:29:44 +02:00
BVK Chaitanya
297f0c2b6e
merge with mainline
2010-07-13 00:43:28 +05:30
BVK Chaitanya
8c41176882
automake commit without merge history
2010-05-06 11:34:04 +05:30