grub/grub-core/loader/i386
Peter Jones d2cf823d0e efi: Fix some malformed device path arithmetic errors
Several places we take the length of a device path and subtract 4 from
it, without ever checking that it's >= 4. There are also cases where
this kind of malformation will result in unpredictable iteration,
including treating the length from one dp node as the type in the next
node. These are all errors, no matter where the data comes from.

This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
the length is too small. Additionally, it makes several places in the
code check for and return errors in these cases.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
..
coreboot verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
pc relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
bsd.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
bsd32.c automake commit without merge history 2010-05-06 11:34:04 +05:30
bsd64.c automake commit without merge history 2010-05-06 11:34:04 +05:30
bsd_pagetable.c * grub-core/commands/legacycfg.c (grub_cmd_legacy_kernel): 2010-10-16 22:16:52 +02:00
bsdXX.c calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
linux.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
multiboot_mbi.c relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
xen.c relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow 2020-07-29 16:55:48 +02:00
xen_file.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
xen_file32.c Add new ports: i386-xen and x86_64-xen. This allows running GRUB in 2013-11-09 21:29:11 +01:00
xen_file64.c Add new ports: i386-xen and x86_64-xen. This allows running GRUB in 2013-11-09 21:29:11 +01:00
xen_fileXX.c misc: Make grub_strtol() "end" pointers have safer const qualifiers 2020-02-28 12:41:29 +01:00
xnu.c efi: Fix some malformed device path arithmetic errors 2020-07-29 16:55:48 +02:00