author | Yongxin Liu <yongxin.liu@windriver.com> | 2020-11-04 08:43:33 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-11-12 13:07:52 +0000 |
commit | da5ad8a4232beb4de7c0940ef193578e99d36e0f (patch) | |
tree | ab44d798a6623873f592b052258bb4a39c044e3e /meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch | |
parent | 5b716fa8e2562a1f942c2d920a3f727c3841c4f3 (diff) | |
download | poky-da5ad8a4232beb4de7c0940ef193578e99d36e0f.tar.gz |
grub: clean up CVE patches
Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
(From OE-Core rev: 4f395ad49ef9035954d0fda7b7df14dea18b49a0)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bcb8b6719beaf6625e6b703e91958fe8afba5819)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch')
-rw-r--r-- | meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch | 246 |
1 files changed, 246 insertions, 0 deletions
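--- /dev/null
+++ b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
@@ -0,0 +1,246 @@
+From c005f62f5c4b26a77b916c8f76a852324439ecb3 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 12:15:29 -0400
+Subject: [PATCH 2/9] calloc: Make sure we always have an overflow-checking
+calloc() available
+
+This tries to make sure that everywhere in this source tree, we always have
+an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
+available, and that they all safely check for overflow and return NULL when
+it would occur.
+
+Upstream-Status: Backport [commit 64e26162ebfe68317c143ca5ec996c892019f8f8
+from https://git.savannah.gnu.org/git/grub.git]
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+grub-core/kern/emu/misc.c | 12 ++++++++++++
+grub-core/kern/emu/mm.c | 10 ++++++++++
+grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++
+grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++--
+grub-core/lib/posix_wrap/stdlib.h | 8 +++++++-
+include/grub/emu/misc.h | 1 +
+include/grub/mm.h | 6 ++++++
+7 files changed, 85 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
+index 65db79b..dfd8a8e 100644
+--- a/grub-core/kern/emu/misc.c
++++ b/grub-core/kern/emu/misc.c
+@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
+exit (1);
+}
+
++void *
++xcalloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *p;
++
++ p = calloc (nmemb, size);
++ if (!p)
++ grub_util_error ("%s", _("out of memory"));
++
++ return p;
++}
++
+void *
+xmalloc (grub_size_t size)
+{
+diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
+index f262e95..145b01d 100644
+--- a/grub-core/kern/emu/mm.c
++++ b/grub-core/kern/emu/mm.c
+@@ -25,6 +25,16 @@
+#include <string.h>
+#include <grub/i18n.h>
+
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ ret = calloc (nmemb, size);
++ if (!ret)
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
++ return ret;
++}
++
+void *
+grub_malloc (grub_size_t size)
+{
+diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
+index ee88ff6..f2822a8 100644
+--- a/grub-core/kern/mm.c
++++ b/grub-core/kern/mm.c
+@@ -67,8 +67,10 @@
+#include <grub/dl.h>
+#include <grub/i18n.h>
+#include <grub/mm_private.h>
++#include <grub/safemath.h>
+
+#ifdef MM_DEBUG
++# undef grub_calloc
+# undef grub_malloc
+# undef grub_zalloc
+# undef grub_realloc
+@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
+return 0;
+}
+
++/*
++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
++ * integer overflow.
++ */
++void *
++grub_calloc (grub_size_t nmemb, grub_size_t size)
++{
++ void *ret;
++ grub_size_t sz = 0;
++
++ if (grub_mul (nmemb, size, &sz))
++ {
++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
++ return NULL;
++ }
++
++ ret = grub_memalign (0, sz);
++ if (!ret)
++ return NULL;
++
++ grub_memset (ret, 0, sz);
++ return ret;
++}
++
+/* Allocate SIZE bytes and return the pointer. */
+void *
+grub_malloc (grub_size_t size)
+@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
+grub_printf ("\n");
+}
+
++void *
++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
++{
++ void *ptr;
++
++ if (grub_mm_debug)
++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
++ file, line, size);
++ ptr = grub_calloc (nmemb, size);
++ if (grub_mm_debug)
++ grub_printf ("%p\n", ptr);
++ return ptr;
++}
++
+void *
+grub_debug_malloc (const char *file, int line, grub_size_t size)
+{
+diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
+index beeb661..74c6eaf 100644
+--- a/grub-core/lib/libgcrypt_wrap/mem.c
++++ b/grub-core/lib/libgcrypt_wrap/mem.c
+@@ -4,6 +4,7 @@
+#include <grub/crypto.h>
+#include <grub/dl.h>
+#include <grub/env.h>
++#include <grub/safemath.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -36,7 +37,10 @@ void *
+gcry_xcalloc (size_t n, size_t m)
+{
+void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+if (!ret)
+grub_fatal ("gcry_xcalloc failed");
+return ret;
+@@ -56,7 +60,10 @@ void *
+gcry_xcalloc_secure (size_t n, size_t m)
+{
+void *ret;
+- ret = grub_zalloc (n * m);
++ size_t sz;
++ if (grub_mul (n, m, &sz))
++ grub_fatal ("gcry_xcalloc would overflow");
++ ret = grub_zalloc (sz);
+if (!ret)
+grub_fatal ("gcry_xcalloc failed");
+return ret;
+diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
+index 3b46f47..7a8d385 100644
+--- a/grub-core/lib/posix_wrap/stdlib.h
++++ b/grub-core/lib/posix_wrap/stdlib.h
+@@ -21,6 +21,7 @@
+
+#include <grub/mm.h>
+#include <grub/misc.h>
++#include <grub/safemath.h>
+
+static inline void
+free (void *ptr)
+@@ -37,7 +38,12 @@ malloc (grub_size_t size)
+static inline void *
+calloc (grub_size_t size, grub_size_t nelem)
+{
+- return grub_zalloc (size * nelem);
++ grub_size_t sz;
++
++ if (grub_mul (size, nelem, &sz))
++ return NULL;
++
++ return grub_zalloc (sz);
+}
+
+static inline void *
+diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
+index ce464cf..ff9c48a 100644
+--- a/include/grub/emu/misc.h
++++ b/include/grub/emu/misc.h
+@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
+#define GRUB_HOST_PRIuLONG_LONG "llu"
+#define GRUB_HOST_PRIxLONG_LONG "llx"
+
++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
+void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
+void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
+char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
+diff --git a/include/grub/mm.h b/include/grub/mm.h
+index 28e2e53..9c38dd3 100644
+--- a/include/grub/mm.h
++++ b/include/grub/mm.h
+@@ -29,6 +29,7 @@
+#endif
+
+void grub_mm_init_region (void *addr, grub_size_t size);
++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
+void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
+void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
+void EXPORT_FUNC(grub_free) (void *ptr);
+@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
+void grub_mm_dump_free (void);
+void grub_mm_dump (unsigned lineno);
+
++#define grub_calloc(nmemb, size) \
++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
++
+#define grub_malloc(size) \
+grub_debug_malloc (GRUB_FILE, __LINE__, size)
+
+@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
+#define grub_free(ptr) \
+grub_debug_free (GRUB_FILE, __LINE__, ptr)
+
++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
++ grub_size_t nmemb, grub_size_t size);
+void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
+grub_size_t size);
+void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
+--
+2.14.4
+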
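Review bot: In `grub_debug_calloc` (the grub-core/kern/mm.c hunk, patch lines 128-129) the format string contains two `PRIxGRUB_SIZE` conversions, but the argument list passes only `file, line, size`, so `nmemb` is never supplied and the second conversion reads a variadic argument that does not exist, which is undefined behaviour. The second line of that call should read `file, line, nmemb, size);`. The function appears to be reached only through the `grub_calloc` macro in the MM_DEBUG part of include/grub/mm.h, which would explain why a normal build does not surface the mismatch. Because this file is a backport of upstream commit 64e26162ebfe68317c143ca5ec996c892019f8f8, the correction is better carried as a separate follow-up patch in the recipe than edited into this one.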