grub/grub-core/kern
Peter Jones d2cf823d0e efi: Fix some malformed device path arithmetic errors
Several places we take the length of a device path and subtract 4 from
it, without ever checking that it's >= 4. There are also cases where
this kind of malformation will result in unpredictable iteration,
including treating the length from one dp node as the type in the next
node. These are all errors, no matter where the data comes from.

This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
the length is too small. Additionally, it makes several places in the
code check for and return errors in these cases.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
..
arm arm: Fix 32-bit ARM handling of the CTR register 2020-05-25 15:02:51 +02:00
arm64 Fix mingw compilation. 2017-02-03 13:01:34 +01:00
coreboot arm-coreboot: Start new port. 2017-05-08 20:53:28 +02:00
efi efi: Fix some malformed device path arithmetic errors 2020-07-29 16:55:48 +02:00
emu emu: Make grub_free(NULL) safe 2020-07-29 16:55:48 +02:00
generic rtc_get_time_ms.c (grub_rtc_get_time_ms): Avoid division by zero. 2015-01-21 17:42:14 +01:00
i386 verifiers: Core TPM support 2018-12-12 14:51:26 +01:00
ia64 Fix remaining cases of gcc 7 fallthrough warning. 2017-04-12 01:42:38 +00:00
ieee1275 ieee1275: NULL pointer dereference in grub_ieee1275_encode_devname() 2019-04-04 18:34:05 +02:00
mips mips/cache: Add missing nop's in delay slots 2020-05-15 14:30:07 +02:00
powerpc Support R_PPC_PLTREL24 2019-03-25 15:08:49 +01:00
riscv RISC-V: Add auxiliary files 2019-02-25 14:01:59 +01:00
sparc64 sparc64: #blocks64 disk node method 2018-03-05 15:26:36 +01:00
uboot calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
x86_64 x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32 2018-02-23 22:25:30 +01:00
xen xen: Add basic hooks for PVH in current code 2018-12-12 12:03:27 +01:00
acpi.c Make grub_acpi_find_fadt accessible generically 2016-02-12 11:35:48 +01:00
command.c Remove prio_list 2012-02-12 03:52:17 +01:00
compiler-rt.c sparc: Enable __clzsi2() and __clzdi2() 2019-03-20 11:38:28 +01:00
corecmd.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
device.c Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
disk.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
disk_common.c * grub-core/kern/disk_common.c: Clump disk size to 1EiB. 2014-08-10 11:27:36 +02:00
dl.c RISC-V: Add awareness for RISC-V reloations 2019-02-25 11:34:09 +01:00
elf.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
elfXX.c kern/elf: fix unintended sign extension 2016-01-09 19:41:26 +03:00
env.c * grub-core/kern/env.c, include/grub/env.h: Change iterator through 2013-03-03 01:34:27 +01:00
err.c * grub-core/kern/misc.c (grub_abort): Make static 2013-10-27 14:13:39 +01:00
file.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
fs.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
list.c Remove prio_list. 2012-02-26 22:49:24 +01:00
main.c * grub-core/kern/main.c (grub_set_prefix_and_root): Set variable 2013-11-14 15:53:32 +01:00
misc.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
mm.c calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
parser.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
partition.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
rescue_parser.c rescue_parser: restructure code to avoid Coverity false positive 2016-01-09 18:15:27 +03:00
rescue_reader.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
term.c kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys 2020-04-21 22:13:44 +02:00
time.c automake commit without merge history 2010-05-06 11:34:04 +05:30
vga_init.c * grub-core/kern/vga_init.c: Fix compilation on qemu-mips. 2013-08-14 09:50:57 +02:00