proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-23 06:25:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10,128 Commits 1 Branch 0 Tags 41 MiB
3d157bbd06
Commit Graph

7 Commits

Author SHA1 Message Date
Daniel Axtens
2ca0e5dbcd fs/hfsplus: Don't use uninitialized data on corrupt filesystems 
Valgrind identified the following use of uninitialized data:

  ==2782220== Conditional jump or move depends on uninitialised value(s)
  ==2782220==    at 0x42B364: grub_hfsplus_btree_search (hfsplus.c:566)
  ==2782220==    by 0x42B21D: grub_hfsplus_read_block (hfsplus.c:185)
  ==2782220==    by 0x42A693: grub_fshelp_read_file (fshelp.c:386)
  ==2782220==    by 0x42C598: grub_hfsplus_read_file (hfsplus.c:219)
  ==2782220==    by 0x42C598: grub_hfsplus_mount (hfsplus.c:330)
  ==2782220==    by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958)
  ==2782220==    by 0x4C1AE6: grub_fs_probe (fs.c:73)
  ==2782220==    by 0x407C94: grub_ls_list_files (ls.c:186)
  ==2782220==    by 0x407C94: grub_cmd_ls (ls.c:284)
  ==2782220==    by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55)
  ==2782220==    by 0x4045A6: execute_command (grub-fstest.c:59)
  ==2782220==    by 0x4045A6: fstest (grub-fstest.c:433)
  ==2782220==    by 0x4045A6: main (grub-fstest.c:772)
  ==2782220==  Uninitialised value was created by a heap allocation
  ==2782220==    at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==2782220==    by 0x4C0305: grub_malloc (mm.c:42)
  ==2782220==    by 0x42C21D: grub_hfsplus_mount (hfsplus.c:239)
  ==2782220==    by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958)
  ==2782220==    by 0x4C1AE6: grub_fs_probe (fs.c:73)
  ==2782220==    by 0x407C94: grub_ls_list_files (ls.c:186)
  ==2782220==    by 0x407C94: grub_cmd_ls (ls.c:284)
  ==2782220==    by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55)
  ==2782220==    by 0x4045A6: execute_command (grub-fstest.c:59)
  ==2782220==    by 0x4045A6: fstest (grub-fstest.c:433)
  ==2782220==    by 0x4045A6: main (grub-fstest.c:772)

This happens when the process of reading the catalog file goes sufficiently
wrong that there's an attempt to read the extent overflow file, which has
not yet been loaded. Keep track of when the extent overflow file is
fully loaded and refuse to use it before then.

The load valgrind doesn't like is btree->nodesize, and that's then used
to allocate a data structure. It looks like there are subsequently a lot
of reads based on that pointer so OOB reads are likely, and indeed crashes
(albeit difficult-to-replicate ones) have been observed in fuzzing.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 2021-03-02 15:54:18 +01:00
Vladimir Serbinenko
5fe21c9968 hfsplus: Fix potential access to uninited memory on invalid FS 2015-03-06 22:33:20 +01:00
Vladimir Serbinenko
ab216512d7 * grub-core/commands/macbless.c (grub_mac_bless_inode): Pass inode as u32 
as both HFS and HFS+ have 32-bit inodes.
 2013-12-21 14:40:53 +01:00
Vladimir Serbinenko
b8765fa082 Implement better integration with Mac firmware. 2013-12-17 15:21:02 +01:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw. 
Just "packed" doesn't always pack the way we expect.
 2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
f169f65e75 * grub-core/fs/hfspluscomp.c (hfsplus_read_compressed_real): Call 
file_progress_read_hook.
	* grub-core/fs/ntfscomp.c (hfsplus_read_compressed_real): Likewise.
 2013-11-02 16:30:53 +01:00
Vladimir 'phcoder' Serbinenko
8098f65556 Compressed HFS+ support. 2013-05-07 15:46:17 +02:00