grub/grub-core/lib
Peter Jones 3f05d693d1 malloc: Use overflow checking primitives where we do complex allocations
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
..
arc sgi support 2011-05-13 16:36:05 +02:00
arm * grub-core/kern/arm/cache.S: Don't switch back to ARM mode when 2013-11-16 17:37:06 +01:00
arm64 arm64/setjmp: Add missing move for arg1 == 0 case. 2016-01-07 21:10:05 +01:00
dummy arm-coreboot: Start new port. 2017-05-08 20:53:28 +02:00
efi RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
emu Add missing emu/halt.c 2010-08-30 00:54:15 +02:00
gnulib-patches gnulib: Fix build of base64 when compiling with memory debugging 2020-03-10 21:58:36 +01:00
i386 freedos: Fix FreeDOS command booting large files (near or above 64 KiB) 2020-01-28 21:16:48 +01:00
ia64 * grub-core/lib/ia64/longjmp.S: Fix the name of longjmp function. 2013-03-02 15:31:17 +01:00
ieee1275 iee1275/datetime: Fix off-by-1 error. 2016-01-07 15:53:42 +01:00
json calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
libgcrypt calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
libgcrypt_wrap calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
minilzo minilzo: Update to minilzo-2.08 2020-02-11 21:30:30 +01:00
mips mips: Make setjmp code N32-compliant. 2015-10-11 13:20:26 +02:00
posix_wrap calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
powerpc * grub-core/lib/powerpc/setjmp.S (grub_setjmp): Save r31. 2013-11-18 02:35:32 +01:00
riscv RISC-V: Add setjmp implementation 2019-02-25 11:28:44 +01:00
sparc64 * grub-core/lib/sparc64/setjmp.S: Force spilling of current window. 2013-11-18 10:01:36 +01:00
uboot Rename uboot/datetime to dummy/datetime. 2017-05-08 19:40:14 +02:00
x86_64 xen: modify page table construction 2016-10-27 16:22:06 +02:00
xen xen: modify page table construction 2016-10-27 16:22:06 +02:00
xzembed Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
zstd calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
adler32.c * grub-core/lib/adler32.c: Recode due to license unclearness. 2012-04-07 19:58:39 +02:00
arg.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
backtrace.c * grub-core/disk/ahci.c: Add needed explicit cast. 2013-08-21 21:02:14 +02:00
cmdline.c verifiers: Add possibility to verify kernel and modules command lines 2018-11-09 13:25:31 +01:00
cmos_datetime.c CMOS support on sparc. 2011-07-05 20:24:20 +02:00
crc.c Remove several trivially-unnecessary uses of nested functions. 2012-12-31 17:31:38 +00:00
crc64.c Remove several trivially-unnecessary uses of nested functions. 2012-12-31 17:31:38 +00:00
crypto.c core: use GRUB_TERM_ definitions when handling term characters 2017-08-07 19:28:22 +02:00
datetime.c normal: Move common datetime functions out of the normal module 2020-02-18 15:12:06 +01:00
disk.c Rename grub_disk members 2019-03-25 15:14:52 +01:00
division.c core: avoid NULL derefrence in grub_divmod64s 2015-04-06 19:30:51 +03:00
envblk.c envblk: Fix buffer overrun when attempting to shrink a variable value 2020-05-15 15:24:59 +02:00
fake_module.c Add new all_video module. 2012-02-26 18:09:07 +01:00
fdt.c fdt: Move prop_entry_size to fdt.h 2018-06-23 21:40:55 +02:00
getline.c Implement syslinux parser. 2013-12-18 05:28:05 +01:00
hexdump.c automake commit without merge history 2010-05-06 11:34:04 +05:30
legacy_parse.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
LzFind.c * grub-core/lib/LzFind.c (MatchFinder_GetIndexByte): Rename index to 2012-02-10 12:21:28 +01:00
LzmaDec.c * include/grub/lib/LzmaDec.h: Fix to include LzmaTypes.h and 2013-11-10 20:37:01 +01:00
LzmaEnc.c * conf/Makefile.common (CFLAGS_GNULIB): Add 2012-02-24 12:30:32 +01:00
pbkdf2.c Remove pragmas related to -Wunreachable-code 2016-01-20 15:56:55 +00:00
priority_queue.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
progress.c Disable progress indicator in grub-shell. 2016-01-05 21:10:10 +01:00
random.c Add RNG module. 2016-02-12 12:39:38 +01:00
reed_solomon.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
relocator.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
setjmp.S RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
syslinux_parse.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00