authorYongxin Liu <yongxin.liu@windriver.com>2020-11-04 08:43:33 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-11-12 13:07:52 +0000
commitda5ad8a4232beb4de7c0940ef193578e99d36e0f (patch)
treeab44d798a6623873f592b052258bb4a39c044e3e /meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
parent5b716fa8e2562a1f942c2d920a3f727c3841c4f3 (diff)
grub: clean up CVE patches
Clean up several patches introduced in commit 6732918498 ("grub:fix several CVEs in grub 2.04"). 1) Add CVE tags to individual patches. 2) Rename upstream patches and prefix them with CVE tags. 3) Add description of reference to upstream patch. (From OE-Core rev: 4f395ad49ef9035954d0fda7b7df14dea18b49a0) Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bcb8b6719beaf6625e6b703e91958fe8afba5819) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch')
-rw-r--r--meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch246
1 files changed, 246 insertions, 0 deletions
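--- /dev/null
+++ b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -0,0 +1,246 @@
+From c005f62f5c4b26a77b916c8f76a852324439ecb3 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:15:29 -0400
+Subject: [PATCH 2/9] calloc: Make sure we always have an overflow-checking
+ calloc() available
+
+This tries to make sure that everywhere in this source tree, we always have
+an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
+available, and that they all safely check for overflow and return NULL when
+it would occur.
+
+Upstream-Status: Backport [commit 64e26162ebfe68317c143ca5ec996c892019f8f8
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/kern/emu/misc.c | 12 ++++++++++++
+ grub-core/kern/emu/mm.c | 10 ++++++++++
+ grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++
+ grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++--
+ grub-core/lib/posix_wrap/stdlib.h | 8 +++++++-
+ include/grub/emu/misc.h | 1 +
+ include/grub/mm.h | 6 ++++++
+ 7 files changed, 85 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
+index 65db79b..dfd8a8e 100644
+--- a/grub-core/kern/emu/misc.c
++++ b/grub-core/kern/emu/misc.c
+@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
+ exit (1);
+ }
+
++void *
++xcalloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *p;
++
++ p = calloc (nmemb, size);
++ if (!p)
++ grub_util_error ("%s", _("out of memory"));
++
++ return p;
++}
++
+ void *
+ xmalloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
+index f262e95..145b01d 100644
+--- a/grub-core/kern/emu/mm.c
++++ b/grub-core/kern/emu/mm.c
+@@ -25,6 +25,16 @@
+ #include <string.h>
+ #include <grub/i18n.h>
+
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ ret = calloc (nmemb, size);
++ if (!ret)
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++ return ret;
++}
++
+ void *
+ grub_malloc (grub_size_t size)
+ {
+diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
+index ee88ff6..f2822a8 100644
+--- a/grub-core/kern/mm.c
++++ b/grub-core/kern/mm.c
+@@ -67,8 +67,10 @@
+ #include <grub/dl.h>
+ #include <grub/i18n.h>
+ #include <grub/mm_private.h>
++#include <grub/safemath.h>
+
+ #ifdef MM_DEBUG
++# undef grub_calloc
+ # undef grub_malloc
+ # undef grub_zalloc
+ # undef grub_realloc
+@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
+ return 0;
+ }
+
++/*
++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
++ * integer overflow.
++ */
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ grub_size_t sz = 0;
++
++ if (grub_mul (nmemb, size, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ ret = grub_memalign (0, sz);
++ if (!ret)
++ return NULL;
++
++ grub_memset (ret, 0, sz);
++ return ret;
++}
++
+ /* Allocate SIZE bytes and return the pointer. */
+ void *
+ grub_malloc (grub_size_t size)
+@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
+ grub_printf ("\n");
+ }
+
++void *
++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
++{
++ void *ptr;
++
++ if (grub_mm_debug)
++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
++ file, line, size);
++ ptr = grub_calloc (nmemb, size);
++ if (grub_mm_debug)
++ grub_printf ("%p\n", ptr);
++ return ptr;
++}
++
+ void *
+ grub_debug_malloc (const char *file, int line, grub_size_t size)
+ {
+diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
+index beeb661..74c6eaf 100644
+--- a/grub-core/lib/libgcrypt_wrap/mem.c
++++ b/grub-core/lib/libgcrypt_wrap/mem.c
+@@ -4,6 +4,7 @@
+ #include <grub/crypto.h>
+ #include <grub/dl.h>
+ #include <grub/env.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -36,7 +37,10 @@ void *
+ gcry_xcalloc (size_t n, size_t m)
+ {
+ void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+ if (!ret)
+ grub_fatal ("gcry_xcalloc failed");
+ return ret;
+@@ -56,7 +60,10 @@ void *
+ gcry_xcalloc_secure (size_t n, size_t m)
+ {
+ void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+ if (!ret)
+ grub_fatal ("gcry_xcalloc failed");
+ return ret;
+diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
+index 3b46f47..7a8d385 100644
+--- a/grub-core/lib/posix_wrap/stdlib.h
++++ b/grub-core/lib/posix_wrap/stdlib.h
+@@ -21,6 +21,7 @@
+
+ #include <grub/mm.h>
+ #include <grub/misc.h>
++#include <grub/safemath.h>
+
+ static inline void
+ free (void *ptr)
+@@ -37,7 +38,12 @@ malloc (grub_size_t size)
+ static inline void *
+ calloc (grub_size_t size, grub_size_t nelem)
+ {
+- return grub_zalloc (size * nelem);
++ grub_size_t sz;
++
++ if (grub_mul (size, nelem, &sz))
++ return NULL;
++
++ return grub_zalloc (sz);
+ }
+
+ static inline void *
+diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
+index ce464cf..ff9c48a 100644
+--- a/include/grub/emu/misc.h
++++ b/include/grub/emu/misc.h
+@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
+ #define GRUB_HOST_PRIuLONG_LONG "llu"
+ #define GRUB_HOST_PRIxLONG_LONG "llx"
+
++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
+ void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
+ char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
+diff --git a/include/grub/mm.h b/include/grub/mm.h
+index 28e2e53..9c38dd3 100644
+--- a/include/grub/mm.h
++++ b/include/grub/mm.h
+@@ -29,6 +29,7 @@
+ #endif
+
+ void grub_mm_init_region (void *addr, grub_size_t size);
++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
+ void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
+ void EXPORT_FUNC(grub_free) (void *ptr);
+@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
+ void grub_mm_dump_free (void);
+ void grub_mm_dump (unsigned lineno);
+
++#define grub_calloc(nmemb, size) \
++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
++
+ #define grub_malloc(size) \
+ grub_debug_malloc (GRUB_FILE, __LINE__, size)
+
+@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
+ #define grub_free(ptr) \
+ grub_debug_free (GRUB_FILE, __LINE__, ptr)
+
++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
++ grub_size_t nmemb, grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
+ grub_size_t size);
+ void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
+--
+2.14.4
+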
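Review bot: In `grub_debug_calloc` (the second grub-core/kern/mm.c hunk of the embedded patch), the `grub_printf` format string carries four conversions (`%s`, `%d` and two `PRIxGRUB_SIZE`) but the call passes only three arguments, `file, line, size`; `nmemb` is missing. When that trace is enabled (`grub_mm_debug` set, presumably only in MM_DEBUG builds) the second size conversion reads a variadic argument that was never passed, which is undefined behaviour and at best prints `size` in the `nmemb` slot followed by garbage. The argument line should read `file, line, nmemb, size);`. The overflow check in `grub_calloc` itself is unaffected. Because this file is marked as a backport, it is worth checking whether upstream has a follow-up fix to carry alongside it rather than editing the backported patch in place.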