vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
grub/grub-core/disk
History
Peter Jones 3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations 
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
..
arc Rename grub_disk members 2019-03-25 15:14:52 +01:00
efi efidisk: NULL pointer dereference in grub_efidisk_get_device_name() 2019-04-02 13:09:08 +02:00
i386/pc Rename grub_disk members 2019-03-25 15:14:52 +01:00
ieee1275 calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
uboot Rename grub_disk members 2019-03-25 15:14:52 +01:00
xen calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
AFSplitter.c afsplitter: Move into its own module 2020-01-10 14:27:49 +01:00
ahci.c ahci: Increase time-out from 10 s to 32 s 2018-09-13 10:54:54 +02:00
ata.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
cryptodisk.c luks: Move configuration of ciphers into cryptodisk 2020-01-10 14:29:37 +01:00
diskfilter.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
dmraid_nvidia.c dmraid_nvidia: Set a name to usable value to avoid null dereference. 2015-07-22 01:57:40 +02:00
geli.c disk/geli: Add missing free. 2015-01-24 21:47:51 +01:00
host.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
ldm.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
loopback.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
luks.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
luks2.c luks2: Propagate error when reading area key fails 2020-04-21 22:18:26 +02:00
lvm.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
mdraid1x_linux.c mdraid1x_linux: Fix gcc10 error -Werror=array-bounds 2020-03-31 12:17:02 +02:00
mdraid_linux.c cleanup: grub_cpu_to_XXX_compile_time for constants 2014-09-22 20:47:10 +04:00
mdraid_linux_be.c Handle big-endian mdraid. 2012-03-26 16:10:40 +02:00
memdisk.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
pata.c Add PCI command activation to all PCI drivers as required for coreboot 2013-11-26 14:21:11 +01:00
raid5_recover.c * include/grub/diskfilter.h (grub_raid5_recover_func_t): Use proper 2012-06-25 17:36:50 +02:00
raid6_recover.c btrfs: Make more generic the code for RAID 6 rebuilding 2018-10-31 12:07:29 +01:00
scsi.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
usbms.c cleanup: grub_cpu_to_XXX_compile_time for constants 2014-09-22 20:47:10 +04:00