This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
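
The overflow class named in the commit message above, as an added example that is not part of the GRUB commit or its code base: it contrasts the size a `malloc(Y * Z)` call really requests with an allocation that keeps both factors separate. `struct entry`, the function names and the sample count are hypothetical, and the overflow guard is written out explicitly (glibc and musl perform the same test inside `calloc()`).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte record whose count comes from untrusted input. */
struct entry { uint64_t offset, length; };

/* "Before" pattern: the byte count that malloc(count * sizeof(struct entry))
   is actually asked for. size_t arithmetic wraps modulo SIZE_MAX + 1, so a
   huge count can yield a tiny request. */
static size_t bytes_requested_before(size_t count)
{
  return count * sizeof(struct entry);
}

/* "After" pattern: both factors stay separate, so the overflow is
   detectable and the caller gets NULL instead of a short buffer.
   Assumption: the guard mirrors what the libc calloc() does internally. */
static struct entry *alloc_entries_after(size_t count)
{
  if (count > SIZE_MAX / sizeof(struct entry))
    return NULL;
  return calloc(count, sizeof(struct entry));
}

int main(void)
{
  /* Constructed value standing in for a count field from a parsed header. */
  size_t hostile = SIZE_MAX / sizeof(struct entry) + 2;
  struct entry *e;

  printf("before: count=%zu -> malloc(%zu bytes)\n",
         hostile, bytes_requested_before(hostile));

  e = alloc_entries_after(hostile);
  printf("after:  count=%zu -> %s\n", hostile, e ? "allocated" : "rejected");
  free(e);

  e = alloc_entries_after(8);
  printf("after:  count=8 -> %s\n", e ? "allocated and zeroed" : "rejected");
  free(e);
  return 0;
}
```

With the "before" pattern, any later loop over `count` entries writes far past the 16 bytes that were actually allocated, which is why the NULL return has to be checked at each converted call site.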
* Makefile.am (build-grub-mkfont): Don't include gnulib.
(build-grub-gen-asciih): Likewise.
(build-grub-gen-widthspec): Likewise.
* Makefile.util.def (grub-pe2elf): Remove.
* config.h.in [GRUB_BUILD]: Use build rather than host constants.
* configure.ac: Separate tests for build.
Move ./build-grub-pe2elf to grub-core.
Fix typo.
* grub-core/Makefile.am (build-grub-pe2elf): New target.
* grub-core/kern/emu/misc.c (xasprintf): Don't compile if GRUB_BUILD is
defined.
* include/grub/types.h [GRUB_BUILD]: Use build rather than host
constants.
* util/grub-mkfont.c [GRUB_BUILD]: Simplify not to rely on argp.
* util/grub-pe2elf.c: Simplify not to rely on getopt.
* util/misc.c (program_name) [GRUB_BUILD]: Define to static string.
(write_section_data): Rename name to shname to avoid shadowing.
(write_symbol_table): Rename name to symname to avoid shadowing.
Fix write_reloc_section call.
* util/grub-pe2elf.c (MODLICENSE_SECTION): New definition. All following
sections shifted.
(insert_string): Make argument const char * instead of char *.
(write_section_data): Handle long section names.
Handle module_license.
* conf/Makefile.common (STRIPFLAGS_KERNEL): Add -F elf32-i386 and
-R .drectve on cygwin.
* conf/i386-pc-cygwin-img-ld.sc: Merge rdata and pdata into data.
* configure.ac: Use $(top_builddir) in TARGET_OBJ2ELF.
(COND_CYGWIN): New condition.
* grub-core/Makefile.am (%.mod): Set TARGET_OBJ2ELF.
* grub-core/genmod.sh.in: Use ${TARGET_OBJ2ELF} and
not @TARGET_OBJ2ELF@.
* util/grub-pe2elf.c (write_symbol_table): Use pe_symtab->type and not
type to determine whether aux is to be used.
* common.rmk (bin_UTILITIES): Add grub-pe2elf.
(grub_pe2elf_SOURCES): New macro.
(CLEANFILES): Add grub-pe2elf.
* include/grub/efi/pe32.h (GRUB_PE32_SCN_ALIGN_1BYTES): New constant.
(GRUB_PE32_SCN_ALIGN_2BYTES): Likewise.
(GRUB_PE32_SCN_ALIGN_4BYTES): Likewise.
(GRUB_PE32_SCN_ALIGN_8BYTES): Likewise.
(GRUB_PE32_SCN_ALIGN_16BYTES): Likewise.
(GRUB_PE32_SCN_ALIGN_32BYTES): Likewise.
(GRUB_PE32_SCN_ALIGN_64BYTES): Likewise.
(GRUB_PE32_SCN_ALIGN_SHIFT): Likewise.
(GRUB_PE32_SCN_ALIGN_MASK): Likewise.
(GRUB_PE32_SYM_CLASS_EXTERNAL): Likewise.
(GRUB_PE32_SYM_CLASS_STATIC): Likewise.
(GRUB_PE32_SYM_CLASS_FILE): Likewise.
(GRUB_PE32_DT_FUNCTION): Likewise.
(GRUB_PE32_REL_I386_DIR32): Likewise.
(GRUB_PE32_REL_I386_REL32): Likewise.
(grub_pe32_symbol): New structure.
(grub_pe32_reloc): Likewise.
* util/grub-pe2elf.c: New file.
* configure.ac: Set TARGET_OBJ2ELF if host os is cygwin. Don't test for
start symbol in non pc platform.
* genmk.rb: Use TARGET_OBJ2ELF to convert native object format to elf.
The following patches are from Christian Franke.
* include/grub/dl.h: Remove .previous, gas supports this only
for ELF format.
* include/grub/symbol.h [__CYGWIN__] (#define FUNCTION/VARIABLE):
Remove .type, gas supports this only for ELF format.
* kern/dl.c (grub_dl_resolve_dependencies): Add check for trailing
nullbytes in symbol table. This fixes an infinite loop if table is
zero filled.
* Makefile.in: Add autoconf replacements TARGET_IMG_LDSCRIPT,
TARGET_IMG_LDFLAGS and EXEEXT.
* aclocal.m4 (grub_PROG_OBJCOPY_ABSOLUTE): Replace -Wl,-N by
TARGET_IMG_LDFLAGS_AC.
(grub_CHECK_STACK_ARG_PROBE): New function.
* conf/i386-pc.rmk: Replace -Wl,-N by TARGET_IMG_LDFLAGS.
* conf/i386-pc-cygwin-ld-img.sc: New linker script.
* configure.ac: Add check for linker script "conf/${target}-img-ld.c"
to set TARGET_IMG_LD* accordingly.
Add check for Cygwin to set TARGET_MOD_OBJCOPY accordingly.
Add call to grub_CHECK_STACK_ARG_PROBE.
Use TARGET_IMG_LDFLAGS to check start, bss_start, end symbols.
* genkernsyms.sh.in: Handle HAVE_ASM_USCORE case.
* genmk.rb: Add EXEEXT to CLEANFILES.