Commit graph

22 commits

Author SHA1 Message Date
Peter Jones
3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Vladimir Serbinenko
ad4bfeec5c Change fs functions to add fs_ prefix
This avoid conflict with gnulib

Signed-off-by: Vladimir Serbinenko <phcoder@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-04-09 10:03:29 +10:00
Vladimir Serbinenko
ec65605af4 wildcard: Mark unused argument as such. 2015-02-21 16:19:09 +01:00
Vladimir Serbinenko
3b1b39c082 commands/wildcard: Add missing free.
Found by: Coverity scan.
2015-01-24 21:29:19 +01:00
Colin Watson
fc524edf65 Remove nested functions from filesystem directory iterators.
* include/grub/fs.h (grub_fs_dir_hook_t): New type.
(struct grub_fs.dir): Add hook_data argument.

Update all implementations and callers.
2013-01-21 01:33:46 +00:00
Colin Watson
25239370fd Remove nested functions from device iterators.
* include/grub/arc/arc.h (grub_arc_iterate_devs_hook_t): New type.
(grub_arc_iterate_devs): Add hook_data argument.
* include/grub/ata.h (grub_ata_dev_iterate_hook_t): New type.
(struct grub_ata_dev.iterate): Add hook_data argument.
* include/grub/device.h (grub_device_iterate_hook_t): New type.
(grub_device_iterate): Add hook_data argument.
* include/grub/disk.h (grub_disk_dev_iterate_hook_t): New type.
(struct grub_disk_dev.iterate): Add hook_data argument.
(grub_disk_dev_iterate): Likewise.
* include/grub/gpt_partition.h (grub_gpt_partition_map_iterate):
Likewise.
* include/grub/msdos_partition.h (grub_partition_msdos_iterate):
Likewise.
* include/grub/partition.h (grub_partition_iterate_hook_t): New
type.
(struct grub_partition_map.iterate): Add hook_data argument.
(grub_partition_iterate): Likewise.
* include/grub/scsi.h (grub_scsi_dev_iterate_hook_t): New type.
(struct grub_scsi_dev.iterate): Add hook_data argument.

Update all callers.
2013-01-20 15:52:15 +00:00
Vladimir 'phcoder' Serbinenko
58eee08fff * grub-core/commands/wildcard.c (check_file): Fix bad logic.
put explicit "/" for empty path.
	(wildcard_expand): Improve dprintf.
2012-06-27 21:13:06 +02:00
Vladimir 'phcoder' Serbinenko
485568790c Fix wildcard regexp dot and other special characters handling.
Reported by: Robert Mabee.

	* grub-core/commands/wildcard.c (isregexop): Add "|+{}[]?".
	(make_regex): Escape "|+{}[]". Transform '?' to '.?'.
	(split_path): Trigger expansion on '?'.
	(unescape): New function.
	(wildcard_expand): Unescape parts copied without globbing.
	* grub-core/script/execute.c (wildcard_escape): Escape '?'.
	(grub_script_arglist_to_argv): Don't unescape expansions.
2012-06-19 14:13:19 +02:00
Vladimir 'phcoder' Serbinenko
5e619f408d Fix wildcard escaping.
* grub-core/commands/wildcard.c (wildcard_escape): Moved from here ...
	* grub-core/script/execute.c (wildcard_escape): .. to here.
	Don't escape dot.
	* grub-core/commands/wildcard.c (wildcard_unescape): Moved from here ...
	* grub-core/script/execute.c (wildcard_unescape): .. to here.
	Don't escape dot.
	* grub-core/script/execute.c (gettext_append): Always escape.
	(grub_script_arglist_to_argv): Always handle escaping/unescaping.
	* grub-core/script/yylex.l: Don't cut away the escaping.
	* tests/grub_script_echo1.in: Add tests with wildcard.
2012-06-08 22:54:21 +02:00
Vladimir 'phcoder' Serbinenko
9068fdcf0b * grub-core/commands/wildcard.c (wildcard_expand): Set default return
value rather than let it uninited.
2012-06-08 19:29:43 +02:00
Vladimir 'phcoder' Serbinenko
f4d5820f28 * grub-core/commands/wildcard.c (+check_file): New function.
(wildcard_expand): Don't expand to non-existing files, expand with
	suffix and not attempt to expand if not needed.
2012-06-07 23:18:04 +02:00
Vladimir 'phcoder' Serbinenko
f8a9ab1245 * grub-core/commands/wildcard.c (match_files): Handle filenames
without explicit device.
	(wildcard_expand): Don't add explicit device if not already present.
	* tests/grub_script_echo1.in: Add a new expansion test.
2012-01-24 13:34:36 +01:00
Vladimir 'phcoder' Serbinenko
d35d0d3753 Add const keyword to grub_env_get and gettextize week days.
* grub-core/hook/datehook.c (grub_datetime_names): Make const.
	(grub_read_hook_datetime): Return const char *.
	* grub-core/kern/env.c (grub_env_get): Return const char *. All users
	updated.
	* grub-core/normal/datetime.c (grub_weekday_names): Make const.
	Mark for gettext.
	(grub_get_weekday_name): Return const char *. Call gettext.
	* grub-core/script/argv.c (grub_script_argv_append): Receive const
	char * and len as the argument. All users updated.
	(grub_script_argv_split_append): Receive const char *.
	* include/grub/datetime.h (grub_get_weekday_name): Update proto.
	* include/grub/env.h (grub_env_get): Likewise.
	(grub_env_read_hook_t): Return const char *.
	* include/grub/script_sh.h (grub_script_argv_append): Update proto.
	(grub_script_argv_split_append): Likewise.
2011-11-11 20:34:37 +01:00
Vladimir 'phcoder' Serbinenko
ab80f326f4 * grub-core/commands/wildcard.c (make_regex): Handle @. 2011-08-23 11:19:26 +02:00
Szymon Janc
cbf597afb1 * grub-core/commands/cmp.c (grub_cmd_cmp): Remove unnecessary NULL
pointer checks before calling grub_free().
	* grub-core/commands/wildcard.c (match_devices): Likewise.
	* grub-core/commands/wildcard.c (match_files): Likewise.
	* grub-core/fs/cpio.c (grub_cpio_dir): Likewise.
	* grub-core/fs/cpio.c (grub_cpio_open): Likewise.
	* grub-core/fs/udf.c (grub_udf_read_block): Likewise.
	* grub-core/fs/xfs.c (grub_xfs_read_block): Likewise.
	* grub-core/loader/efi/chainloader.c (grub_cmd_chainloader): Likewise.
	* grub-core/normal/cmdline.c (grub_cmdline_get): Likewise.
	* grub-core/script/yylex.l (grub_lexer_unput): Likewise.
	* grub-core/video/readers/jpeg.c (grub_video_reader_jpeg): Likewise.
	* grub-core/video/readers/png.c (grub_png_output_byte): Likewise.
2011-06-26 17:17:41 +02:00
Vladimir 'phcoder' Serbinenko
4388ca7224 * grub-core/commands/wildcard.c (match_files): Add a useful dprintf.
(wildcard_expand): Don't stop on nonregexp parts after regexp ones since
	it truncates the output.
	Reported by: Ximin Luo.
2011-06-24 13:43:10 +02:00
Szymon Janc
3f0f38317b * grub-core/commands/regexp.c (grub_cmd_regexp): Remove unused
variable.
	* grub-core/commands/wildcard.c (match_files): Likewise.
2010-11-30 21:35:59 +01:00
Vladimir 'phcoder' Serbinenko
d8a84076ea * grub-core/commands/wildcard.c (make_regex): Escape brackets. 2010-09-12 20:15:30 +02:00
bvk.groups@gmail.com
b61d05ed19 * grub-core/commands/wildcard.c (wildcard_expand): Fix wrong
grub_free.
2010-09-07 17:16:03 +05:30
BVK Chaitanya
854bd47cb8 fix memory leak and out-of-range writes 2010-09-04 14:22:51 +05:30
BVK Chaitanya
cc7b1ab4d6 review comments 2010-09-03 20:35:23 +05:30
BVK Chaitanya
8fdefb9253 merge with mainline 2010-08-26 12:11:57 +05:30