grub/grub-core/disk
Patrick Steinhardt 1066336dc8 luks: Fix out-of-bounds copy of UUID
When configuring a LUKS disk, we copy over the UUID from the LUKS header
into the new grub_cryptodisk_t structure via grub_memcpy(). As size
we mistakenly use the size of the grub_cryptodisk_t UUID field, which
is guaranteed to be strictly bigger than the LUKS UUID field we're
copying. As a result, the copy always goes out-of-bounds and copies some
garbage from other surrounding fields. During runtime, this isn't
noticed due to the fact that we always NUL-terminate the UUID and thus
never hit the trailing garbage.

Fix the issue by using the size of the local stripped UUID field.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-11 15:47:39 +02:00
..
arc Rename grub_disk members 2019-03-25 15:14:52 +01:00
efi efidisk: NULL pointer dereference in grub_efidisk_get_device_name() 2019-04-02 13:09:08 +02:00
i386/pc Rename grub_disk members 2019-03-25 15:14:52 +01:00
ieee1275 calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
uboot Rename grub_disk members 2019-03-25 15:14:52 +01:00
xen calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
AFSplitter.c afsplitter: Move into its own module 2020-01-10 14:27:49 +01:00
ahci.c ahci: Increase time-out from 10 s to 32 s 2018-09-13 10:54:54 +02:00
ata.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
cryptodisk.c luks: Move configuration of ciphers into cryptodisk 2020-01-10 14:29:37 +01:00
diskfilter.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
dmraid_nvidia.c dmraid_nvidia: Set a name to usable value to avoid null dereference. 2015-07-22 01:57:40 +02:00
geli.c disk/geli: Add missing free. 2015-01-24 21:47:51 +01:00
host.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
ldm.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
loopback.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
luks.c luks: Fix out-of-bounds copy of UUID 2020-09-11 15:47:39 +02:00
luks2.c luks2: Propagate error when reading area key fails 2020-04-21 22:18:26 +02:00
lvm.c lvm: Fix two more potential data-dependent alloc overflows 2020-07-29 16:55:48 +02:00
mdraid1x_linux.c mdraid1x_linux: Fix gcc10 error -Werror=array-bounds 2020-03-31 12:17:02 +02:00
mdraid_linux.c cleanup: grub_cpu_to_XXX_compile_time for constants 2014-09-22 20:47:10 +04:00
mdraid_linux_be.c Handle big-endian mdraid. 2012-03-26 16:10:40 +02:00
memdisk.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
pata.c Add PCI command activation to all PCI drivers as required for coreboot 2013-11-26 14:21:11 +01:00
raid5_recover.c * include/grub/diskfilter.h (grub_raid5_recover_func_t): Use proper 2012-06-25 17:36:50 +02:00
raid6_recover.c btrfs: Make more generic the code for RAID 6 rebuilding 2018-10-31 12:07:29 +01:00
scsi.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
usbms.c cleanup: grub_cpu_to_XXX_compile_time for constants 2014-09-22 20:47:10 +04:00