mirror of
https://git.proxmox.com/git/grub2
synced 2025-11-02 18:31:04 +00:00
3f05d693d1
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:
X = grub_malloc(arithmetic_expr);
It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.
Among other issues, this fixes:
- allocation of integer overflow in grub_video_bitmap_create()
reported by Chris Coulson,
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in grub_squash_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in grub_ext2_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in read_section_as_string()
reported by Chris Coulson.
Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||
|---|---|---|
| .. | ||
| arm | ||
| arm64 | ||
| efi | ||
| i386 | ||
| ia64/efi | ||
| mips | ||
| powerpc/ieee1275 | ||
| riscv | ||
| sparc64/ieee1275 | ||
| aout.c | ||
| linux.c | ||
| lzss.c | ||
| macho32.c | ||
| macho64.c | ||
| macho.c | ||
| machoXX.c | ||
| multiboot_elfxx.c | ||
| multiboot_mbi2.c | ||
| multiboot.c | ||
| xnu_resume.c | ||
| xnu.c | ||