diff --git a/ChangeLog b/ChangeLog index c18ab2da6..14284774f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2015-01-20 Vladimir Serbinenko + + * grub-core/bus/usb/usbtrans.c (grub_usb_bulk_maxpacket): Avoid + potentially returning 0. + +2015-01-20 Vladimir Serbinenko + + * grub-core/fs/minix.c (grub_minix_read_file): Avoid reading past + the end of file. + 2015-01-20 Vladimir Serbinenko * grub-core/fs/fshelp.c (grub_fshelp_read_file): Don't attempt to read diff --git a/grub-core/bus/usb/usbtrans.c b/grub-core/bus/usb/usbtrans.c index 557e71c2e..b614997f2 100644 --- a/grub-core/bus/usb/usbtrans.c +++ b/grub-core/bus/usb/usbtrans.c @@ -31,7 +31,7 @@ grub_usb_bulk_maxpacket (grub_usb_device_t dev, struct grub_usb_desc_endp *endpoint) { /* Use the maximum packet size given in the endpoint descriptor. */ - if (dev->initialized && endpoint) + if (dev->initialized && endpoint && (unsigned int) endpoint->maxpacket) return endpoint->maxpacket; return 64; diff --git a/grub-core/fs/minix.c b/grub-core/fs/minix.c index 98e1b71ec..6f629a12f 100644 --- a/grub-core/fs/minix.c +++ b/grub-core/fs/minix.c @@ -262,6 +262,13 @@ grub_minix_read_file (struct grub_minix_data *data, grub_uint32_t posblock; grub_uint32_t blockoff; + if (pos > GRUB_MINIX_INODE_SIZE (data)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + N_("attempt to read past the end of file")); + return -1; + } + /* Adjust len so it we can't read past the end of the file. */ if (len + pos > GRUB_MINIX_INODE_SIZE (data)) len = GRUB_MINIX_INODE_SIZE (data) - pos;