grub/grub-core/loader
Peter Jones d2cf823d0e efi: Fix some malformed device path arithmetic errors
Several places we take the length of a device path and subtract 4 from
it, without ever checking that it's >= 4. There are also cases where
this kind of malformation will result in unpredictable iteration,
including treating the length from one dp node as the type in the next
node. These are all errors, no matter where the data comes from.

This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
the length is too small. Additionally, it makes several places in the
code check for and return errors in these cases.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
..
arm calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
arm64 efi: Rename armxx to arch 2019-02-25 11:28:44 +01:00
efi efi: Fix some malformed device path arithmetic errors 2020-07-29 16:55:48 +02:00
i386 efi: Fix some malformed device path arithmetic errors 2020-07-29 16:55:48 +02:00
ia64/efi verifiers: IA-64 fallout cleanup 2019-03-20 11:38:28 +01:00
mips relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
powerpc/ieee1275 verifiers: PowerPC fallout cleanup 2019-03-20 11:38:28 +01:00
riscv RISC-V: Add Linux load logic 2019-02-25 11:33:06 +01:00
sparc64/ieee1275 arm-uboot, ia64, sparc64: Fix up grub_file_open() calls 2018-11-16 14:42:51 +01:00
aout.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
linux.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
lzss.c Add LZSS Mach-O support (needed for new xnu kernelcache). 2012-02-29 13:26:13 +01:00
macho.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
macho32.c * grub-core/loader/machoXX.c: Fix compilation on non-i386. 2013-12-17 22:44:46 +01:00
macho64.c * grub-core/loader/machoXX.c: Fix compilation on non-i386. 2013-12-17 22:44:46 +01:00
machoXX.c Simplify few strings. 2013-05-07 11:44:15 +02:00
multiboot.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
multiboot_elfxx.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
multiboot_mbi2.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
xnu.c relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow 2020-07-29 16:55:48 +02:00
xnu_resume.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00