mirror of
https://git.proxmox.com/git/grub2
synced 2025-08-14 02:42:02 +00:00
f407a45bd3
GRUB has special code for handling an http header that is split across two packets. The code tracks the end of line by looking for a "\n" byte. The code for split headers has always advanced the pointer just past the end of the line, whereas the code that handles unsplit headers does not advance the pointer. This extra advance causes the length to be one greater, which breaks an assumption in parse_line(), leading to it writing a NUL byte one byte past the end of the buffer where we reconstruct the line from the two packets. It's conceivable that an attacker controlled set of packets could cause this to zero out the first byte of the "next" pointer of the grub_mm_region structure following the current_line buffer. Do not advance the pointer in the split header case. Fixes: CVE-2022-28734 Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
||
|---|---|---|
| asm-tests | ||
| build-aux | ||
| conf | ||
| docs | ||
| grub-core | ||
| include | ||
| m4 | ||
| po | ||
| tests | ||
| themes/starfield | ||
| unicode | ||
| util | ||
| ABOUT-NLS | ||
| acinclude.m4 | ||
| aclocal.m4 | ||
| AUTHORS | ||
| autogen.sh | ||
| BUGS | ||
| ChangeLog | ||
| ChangeLog-2015 | ||
| config-util.h.in | ||
| config.h.in | ||
| configure | ||
| configure.ac | ||
| COPYING | ||
| coreboot.cfg | ||
| geninit.sh | ||
| gentpl.py | ||
| INSTALL | ||
| linguas.sh | ||
| Makefile.am | ||
| Makefile.in | ||
| Makefile.util.am | ||
| Makefile.util.def | ||
| Makefile.utilgcry.def | ||
| NEWS | ||
| README | ||
| stamp-h.in | ||
| THANKS | ||
| TODO | ||
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. See the file MAINTAINERS for information about the GRUB maintainers, etc. If you found a security vulnerability in the GRUB please check the SECURITY file to get more information how to properly report this kind of bugs to the maintainers. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'