diff options
author | Awais Belal <awais_belal@mentor.com> | 2015-12-23 16:10:34 +0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-07 13:40:15 +0000 |
commit | d6e0da41bf7ea3502ae629f3ee11e932224ce736 (patch) | |
tree | cd58c935a8f79b7be9b3a71dedf4fa57f4b5888a /meta/recipes-bsp | |
parent | bb663b0c286112b61c4d404e1753042d30456b16 (diff) | |
download | poky-d6e0da41bf7ea3502ae629f3ee11e932224ce736.tar.gz |
grub2: Fix CVE-2015-8370
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
(From OE-Core rev: 7d0779b0133f253d06740653d8d1b8276dbcab7f)
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
-rw-r--r-- | meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | 52 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch new file mode 100644 index 0000000000..f9252e9c22 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | Upstream-Status: Accepted | ||
2 | Signed-off-by: Awais Belal <awais_belal@mentor.com> | ||
3 | |||
4 | From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 | ||
5 | From: Hector Marco-Gisbert <hecmargi@upv.es> | ||
6 | Date: Wed, 16 Dec 2015 04:57:18 +0000 | ||
7 | Subject: Fix security issue when reading username and password | ||
8 | |||
9 | This patch fixes two integer underflows at: | ||
10 | * grub-core/lib/crypto.c | ||
11 | * grub-core/normal/auth.c | ||
12 | |||
13 | CVE-2015-8370 | ||
14 | |||
15 | Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> | ||
16 | Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> | ||
17 | Also-By: Andrey Borzenkov <arvidjaar@gmail.com> | ||
18 | --- | ||
19 | diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c | ||
20 | index 010e550..683a8aa 100644 | ||
21 | --- a/grub-core/lib/crypto.c | ||
22 | +++ b/grub-core/lib/crypto.c | ||
23 | @@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) | ||
24 | |||
25 | if (key == '\b') | ||
26 | { | ||
27 | - cur_len--; | ||
28 | + if (cur_len) | ||
29 | + cur_len--; | ||
30 | continue; | ||
31 | } | ||
32 | |||
33 | diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c | ||
34 | index c6bd96e..8615c48 100644 | ||
35 | --- a/grub-core/normal/auth.c | ||
36 | +++ b/grub-core/normal/auth.c | ||
37 | @@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) | ||
38 | |||
39 | if (key == '\b') | ||
40 | { | ||
41 | - cur_len--; | ||
42 | - grub_printf ("\b"); | ||
43 | + if (cur_len) | ||
44 | + { | ||
45 | + cur_len--; | ||
46 | + grub_printf ("\b"); | ||
47 | + } | ||
48 | continue; | ||
49 | } | ||
50 | |||
51 | -- | ||
52 | cgit v0.9.0.2 | ||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 312771b47f..a8c41f8e28 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -27,6 +27,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \ | |||
27 | file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ | 27 | file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ |
28 | file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ | 28 | file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ |
29 | file://grub2-fix-initrd-size-bug.patch \ | 29 | file://grub2-fix-initrd-size-bug.patch \ |
30 | file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \ | ||
30 | " | 31 | " |
31 | 32 | ||
32 | DEPENDS = "flex-native bison-native xz" | 33 | DEPENDS = "flex-native bison-native xz" |