diff options
author | Armin Kuster <akuster@mvista.com> | 2016-01-31 07:46:32 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-04 23:20:16 +0000 |
commit | 9a88c1d25561fd3713da4d9bd831feb895da6b19 (patch) | |
tree | 21de4f7ad9a59cc881fb8e91f56c4fafd7ce1309 /meta/recipes-bsp | |
parent | 443b09a61d0611d637ac5c1d1bfc5d6d78e1f184 (diff) | |
download | poky-9a88c1d25561fd3713da4d9bd831feb895da6b19.tar.gz |
grub: Security fix CVE-2015-8370
CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup
(From OE-Core rev: b63e3b57b47e95003a1fb014f90333c327681d5b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2015-8370.patch | 59 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2015-8370.patch b/meta/recipes-bsp/grub/files/CVE-2015-8370.patch new file mode 100644 index 0000000000..78f514e03d --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2015-8370.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hector Marco-Gisbert <hecmargi@upv.es> | ||
3 | Date: Wed, 16 Dec 2015 07:57:18 +0300 | ||
4 | Subject: [PATCH] Fix security issue when reading username and password | ||
5 | |||
6 | This patch fixes two integer underflows at: | ||
7 | * grub-core/lib/crypto.c | ||
8 | * grub-core/normal/auth.c | ||
9 | |||
10 | CVE-2015-8370 | ||
11 | |||
12 | Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> | ||
13 | Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> | ||
14 | Also-By: Andrey Borzenkov <arvidjaar@gmail.com> | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | |||
18 | http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 | ||
19 | |||
20 | CVE: CVE-2015-8370 | ||
21 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
22 | |||
23 | --- | ||
24 | grub-core/lib/crypto.c | 3 ++- | ||
25 | grub-core/normal/auth.c | 7 +++++-- | ||
26 | 2 files changed, 7 insertions(+), 3 deletions(-) | ||
27 | |||
28 | Index: git/grub-core/lib/crypto.c | ||
29 | =================================================================== | ||
30 | --- git.orig/grub-core/lib/crypto.c | ||
31 | +++ git/grub-core/lib/crypto.c | ||
32 | @@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned | ||
33 | |||
34 | if (key == '\b') | ||
35 | { | ||
36 | - cur_len--; | ||
37 | + if (cur_len) | ||
38 | + cur_len--; | ||
39 | continue; | ||
40 | } | ||
41 | |||
42 | Index: git/grub-core/normal/auth.c | ||
43 | =================================================================== | ||
44 | --- git.orig/grub-core/normal/auth.c | ||
45 | +++ git/grub-core/normal/auth.c | ||
46 | @@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned | ||
47 | |||
48 | if (key == '\b') | ||
49 | { | ||
50 | - cur_len--; | ||
51 | - grub_printf ("\b"); | ||
52 | + if (cur_len) | ||
53 | + { | ||
54 | + cur_len--; | ||
55 | + grub_printf ("\b"); | ||
56 | + } | ||
57 | continue; | ||
58 | } | ||
59 | |||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 312771b47f..fe2407cef0 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -27,6 +27,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \ | |||
27 | file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ | 27 | file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ |
28 | file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ | 28 | file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ |
29 | file://grub2-fix-initrd-size-bug.patch \ | 29 | file://grub2-fix-initrd-size-bug.patch \ |
30 | file://CVE-2015-8370.patch \ | ||
30 | " | 31 | " |
31 | 32 | ||
32 | DEPENDS = "flex-native bison-native xz" | 33 | DEPENDS = "flex-native bison-native xz" |