vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
No description
9939 commits 7 branches 0 tags 143 MiB
C 90%
Assembly 4.3%
Shell 1.5%
Gettext Catalog 1.2%
M4 0.8%
Other 2%
Find a file
Konrad Rzeszutek Wilk 61b7ca08d1 term: Fix overflow on user inputs 
This requires a very weird input from the serial interface but can cause
an overflow in input_buf (keys) overwriting the next variable (npending)
with the user choice:

(pahole output)

struct grub_terminfo_input_state {
        int                        input_buf[6];         /*     0    24 */
        int                        npending;             /*    24     4 */ <- CORRUPT
        ...snip...

The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow
npending with "q" (aka increase npending to 161). The simplest fix is to
just to disallow overwrites input_buf, which exactly what this patch does.

Fixes: CID 292449

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
asm-tests asm-tests/i386-pc: Check that movl is 5 bytes. 2016-09-28 20:31:04 +03:00
conf gettext: Restore patches to po/Makefile.in.in 2020-03-10 21:17:54 +01:00
docs docs/grub: Support for probing partition UUID on MSDOS disks 2020-05-15 15:27:58 +02:00
grub-core term: Fix overflow on user inputs 2020-07-29 16:55:48 +02:00
include calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
po po: Fix replacement of %m in sed programs 2020-03-10 21:32:09 +01:00
tests syslinux: Fix syslinux_test in out-of-tree builds 2019-03-05 10:27:53 +01:00
themes/starfield Starfield theme. 2012-02-23 17:21:38 +01:00
unicode * unicode: Import Unicode 6.0 data. 2011-12-25 16:17:25 +01:00
util calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
.gitattributes gitattributes: Mark po/exclude.pot as binary so git won't try to diff nonprintables 2019-09-23 13:17:15 +02:00
.gitignore gitignore: Add a few forgotten file patterns 2020-05-15 15:06:21 +02:00
.travis.yml travis: Add Travis CI config file 2019-02-25 14:02:06 +01:00
acinclude.m4 Fix -nopie/-nopie check. 2017-01-30 19:38:55 +01:00
AUTHORS 2005-09-03 Yoshinori K. Okuji <okuji@enbug.org> 2005-09-03 16:54:27 +00:00
autogen.sh autogen: Replace -iname with -ipath in find command 2020-05-15 15:35:59 +02:00
bootstrap gnulib: Upgrade Gnulib and switch to bootstrap tool 2019-03-05 10:48:12 +01:00
bootstrap.conf gettext: Restore patches to po/Makefile.in.in 2020-03-10 21:17:54 +01:00
BUGS * BUGS: New file. 2011-01-11 00:06:01 +01:00
ChangeLog-2015 Autogenerate ChangeLog from git changelog. 2015-01-24 17:29:50 +01:00
config.h.in Remove libgcc dependency. 2015-03-03 20:50:37 +01:00
configure.ac INSTALL/configure: Update install doc and configure comment 2020-05-25 14:49:53 +02:00
COPYING 2007-07-22 Yoshinori K. Okuji <okuji@enbug.org> 2007-07-21 23:32:33 +00:00
coreboot.cfg * coreboot.cfg: Add missing file. 2013-11-20 00:52:23 +01:00
geninit.sh automake commit without merge history 2010-05-06 11:34:04 +05:30
gentpl.py build: Fix GRUB i386-pc build with Ubuntu gcc 2020-03-31 12:17:02 +02:00
INSTALL safemath: Add some arithmetic primitives that check for overflow 2020-07-29 16:55:47 +02:00
linguas.sh linguas: Don't skip ko.po. 2017-02-04 00:06:57 +01:00
Makefile.am Makefile: Make libgrub.pp depend on config-util.h 2020-03-10 21:39:53 +01:00
Makefile.util.def templates: Output a menu entry for firmware setup on UEFI FastBoot systems 2020-04-21 22:14:12 +02:00
NEWS Release 2.04 2019-07-04 15:57:30 +02:00
README README: Remove dead link to the wiki 2015-11-06 04:31:23 +01:00
THANKS 2009-12-11 Robert Millan <rmh.grub@aybabtu.com> 2009-12-11 22:44:47 +00:00
TODO TODO: Remove obsolete link 2016-02-12 17:51:52 +01:00

README 

This is GRUB 2, the second version of the GRand Unified Bootloader.
GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more
robust, more powerful, and more portable.

See the file NEWS for a description of recent changes to GRUB 2.

See the file INSTALL for instructions on how to build and install the
GRUB 2 data and program files.

Please visit the official web page of GRUB 2, for more information.
The URL is <http://www.gnu.org/software/grub/grub.html>.

More extensive documentation is available in the Info manual,
accessible using 'info grub' after building and installing GRUB 2.

There are a number of important user-visible differences from the
first version of GRUB, now known as GRUB Legacy. For a summary, please
see:

  info grub Introduction 'Changes from GRUB Legacy'