47cf63735c
Resolves: CVE-2020-10713 Resolves: CVE-2020-14308 Resolves: CVE-2020-14309 Resolves: CVE-2020-14310 Resolves: CVE-2020-14311 Resolves: CVE-2020-15705 Resolves: CVE-2020-15706 Resolves: CVE-2020-15707 Signed-off-by: Peter Jones <pjones@redhat.com>
44 lines
1.3 KiB
Diff
44 lines
1.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Alexey Makhalov <amakhalov@vmware.com>
|
|
Date: Fri, 17 Jul 2020 05:17:26 +0000
|
|
Subject: [PATCH] relocator: Fix grub_relocator_alloc_chunk_align() top memory
|
|
allocation
|
|
|
|
Current implementation of grub_relocator_alloc_chunk_align()
|
|
does not allow allocation of the top byte.
|
|
|
|
Assuming input args are:
|
|
max_addr = 0xfffff000;
|
|
size = 0x1000;
|
|
|
|
And this is valid. But following overflow protection will
|
|
unnecessarily move max_addr one byte down (to 0xffffefff):
|
|
if (max_addr > ~size)
|
|
max_addr = ~size;
|
|
|
|
~size + 1 will fix the situation. In addition, check size
|
|
for non zero to do not zero max_addr.
|
|
|
|
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Upstream-commit-id: ab80a97eb1f
|
|
---
|
|
grub-core/lib/relocator.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
|
|
index 5847aac3643..f2c1944c28d 100644
|
|
--- a/grub-core/lib/relocator.c
|
|
+++ b/grub-core/lib/relocator.c
|
|
@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
|
|
};
|
|
grub_addr_t min_addr2 = 0, max_addr2;
|
|
|
|
- if (max_addr > ~size)
|
|
- max_addr = ~size;
|
|
+ if (size && (max_addr > ~size))
|
|
+ max_addr = ~size + 1;
|
|
|
|
#ifdef GRUB_MACHINE_PCBIOS
|
|
if (min_addr < 0x1000)
|