7e98da058f
This change reorganizes and cleanups our patches to reduce the patch number from 314 patches to 187. That's achieved by dropping patches that are later reverted and squashing fixes for earlier patches that introduced features. There are no code changes and the diff with upstream is the same before and after the cleanup. Having fewer patches makes easier to manage the patchset and also will ease to rebase them on top of the latest grub-2.04 release. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
45 lines
1.3 KiB
Diff
45 lines
1.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
|
Date: Fri, 13 Nov 2015 16:21:09 +0100
|
|
Subject: [PATCH] Fix security issue when reading username and password
|
|
|
|
This patch fixes two integer underflows at:
|
|
* grub-core/lib/crypto.c
|
|
* grub-core/normal/auth.c
|
|
|
|
Resolves: CVE-2015-8370
|
|
|
|
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
|
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
|
|
---
|
|
grub-core/lib/crypto.c | 2 +-
|
|
grub-core/normal/auth.c | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
|
|
index ca334d5a40e..e6c78d16d39 100644
|
|
--- a/grub-core/lib/crypto.c
|
|
+++ b/grub-core/lib/crypto.c
|
|
@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
|
|
break;
|
|
}
|
|
|
|
- if (key == '\b')
|
|
+ if (key == '\b' && cur_len)
|
|
{
|
|
if (cur_len)
|
|
cur_len--;
|
|
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
|
|
index 6be678c0de1..c35ce972473 100644
|
|
--- a/grub-core/normal/auth.c
|
|
+++ b/grub-core/normal/auth.c
|
|
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
|
|
break;
|
|
}
|
|
|
|
- if (key == GRUB_TERM_BACKSPACE)
|
|
+ if (key == GRUB_TERM_BACKSPACE && cur_len)
|
|
{
|
|
if (cur_len)
|
|
{
|