grub2/grub-core
Daniel Axtens 2ca0e5dbcd fs/hfsplus: Don't use uninitialized data on corrupt filesystems
Valgrind identified the following use of uninitialized data:

  ==2782220== Conditional jump or move depends on uninitialised value(s)
  ==2782220==    at 0x42B364: grub_hfsplus_btree_search (hfsplus.c:566)
  ==2782220==    by 0x42B21D: grub_hfsplus_read_block (hfsplus.c:185)
  ==2782220==    by 0x42A693: grub_fshelp_read_file (fshelp.c:386)
  ==2782220==    by 0x42C598: grub_hfsplus_read_file (hfsplus.c:219)
  ==2782220==    by 0x42C598: grub_hfsplus_mount (hfsplus.c:330)
  ==2782220==    by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958)
  ==2782220==    by 0x4C1AE6: grub_fs_probe (fs.c:73)
  ==2782220==    by 0x407C94: grub_ls_list_files (ls.c:186)
  ==2782220==    by 0x407C94: grub_cmd_ls (ls.c:284)
  ==2782220==    by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55)
  ==2782220==    by 0x4045A6: execute_command (grub-fstest.c:59)
  ==2782220==    by 0x4045A6: fstest (grub-fstest.c:433)
  ==2782220==    by 0x4045A6: main (grub-fstest.c:772)
  ==2782220==  Uninitialised value was created by a heap allocation
  ==2782220==    at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==2782220==    by 0x4C0305: grub_malloc (mm.c:42)
  ==2782220==    by 0x42C21D: grub_hfsplus_mount (hfsplus.c:239)
  ==2782220==    by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958)
  ==2782220==    by 0x4C1AE6: grub_fs_probe (fs.c:73)
  ==2782220==    by 0x407C94: grub_ls_list_files (ls.c:186)
  ==2782220==    by 0x407C94: grub_cmd_ls (ls.c:284)
  ==2782220==    by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55)
  ==2782220==    by 0x4045A6: execute_command (grub-fstest.c:59)
  ==2782220==    by 0x4045A6: fstest (grub-fstest.c:433)
  ==2782220==    by 0x4045A6: main (grub-fstest.c:772)

This happens when the process of reading the catalog file goes sufficiently
wrong that there's an attempt to read the extent overflow file, which has
not yet been loaded. Keep track of when the extent overflow file is
fully loaded and refuse to use it before then.

The load valgrind doesn't like is btree->nodesize, and that's then used
to allocate a data structure. It looks like there are subsequently a lot
of reads based on that pointer so OOB reads are likely, and indeed crashes
(albeit difficult-to-replicate ones) have been observed in fuzzing.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:18 +01:00
boot A workaround for clang problem assembling startup_raw.S 2019-04-08 15:22:10 +10:00
bus usb: Avoid possible out-of-bound accesses caused by malicious devices 2021-03-02 15:54:15 +01:00
commands commands/menuentry: Fix quoting in setparams_prefix() 2021-03-02 15:54:17 +01:00
disk disk/cryptodisk: Fix potential integer overflow 2021-03-02 15:54:16 +01:00
efiemu calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
font font: Do not load more than one NAME section 2020-07-29 16:55:48 +02:00
fs fs/hfsplus: Don't use uninitialized data on corrupt filesystems 2021-03-02 15:54:18 +01:00
gdb gdb: Restrict GDB access when locked down 2021-03-02 15:54:15 +01:00
gettext verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gfxmenu gfxmenu/gui_list: Remove code that coverity is flagging as dead 2021-03-02 15:54:17 +01:00
hello * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
hook * grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic 2011-11-11 21:03:49 +01:00
io io/lzopio: Resolve unnecessary self-assignment errors 2021-03-02 15:54:16 +01:00
kern kern/misc: Always set *end in grub_strtoull() 2021-03-02 15:54:17 +01:00
lib lib/arg: Block repeated short options that require an argument 2021-03-02 15:54:17 +01:00
loader loader/xnu: Check if pointer is NULL before using it 2021-03-02 15:54:17 +01:00
mmap mmap: Fix memory leak when iterating over mapped memory 2021-03-02 15:54:15 +01:00
net net/tftp: Fix dangling memory pointer 2021-03-02 15:54:16 +01:00
normal normal/completion: Fix leaking of memory when processing a completion 2021-03-02 15:54:17 +01:00
osdep disk: Rename grub_disk_get_size() to grub_disk_native_sectors() 2020-12-12 01:19:03 +01:00
partmap mbr: Warn if MBR gap is small and user uses advanced modules 2020-12-12 01:19:03 +01:00
parttool * grub-core/net/http.c: Add TRANSLATORS comments. 2012-03-05 16:42:26 +01:00
script script/execute: Don't crash on a "for" loop with no items 2021-03-02 15:54:17 +01:00
term term/gfxterm: Don't set up a font with glyphs that are too big 2021-03-02 15:54:18 +01:00
tests calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
video video/readers/jpeg: Don't decode data before start of stream 2021-03-02 15:54:18 +01:00
gdb_grub.in * grub-core/gdb_grub.in: Fix overflow and wrong field. 2013-10-14 03:40:20 +02:00
genemuinit.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genemuinitheader.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genmod.sh.in .mod files: Strip annobin annotations and .eh_frame, and their relocations 2018-03-05 14:08:22 +01:00
genmoddep.awk enforcing fixup 2017-08-14 16:27:10 +02:00
gensyminfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00
gensymlist.sh Make 'make check' work on emu. 2013-04-27 02:00:16 +02:00
gentrigtables.c * grub-core/gentrigtables.c: Make tables const. 2013-03-01 11:15:09 +01:00
gmodule.pl.in * grub-core/gmodule.pl.in: Accept newer binutils which output 2014-09-21 18:23:23 +02:00
Makefile.am kern: Add lockdown support 2021-03-02 15:54:15 +01:00
Makefile.core.def kern: Add lockdown support 2021-03-02 15:54:15 +01:00
modinfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00