diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2022-02-18 11:05:28 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-02 00:21:37 +0000 |
commit | 3348511b945c5b61e279a22f9be3c18416584ec9 (patch) | |
tree | c1abe7c3f4092cb980af7c108e957f94acce8947 /meta/recipes-bsp | |
parent | e97cfd16602ecfae8f786eebcc750b19a8fa4b05 (diff) | |
download | poky-3348511b945c5b61e279a22f9be3c18416584ec9.tar.gz |
grub: add a fix for a length check
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
-rw-r--r-- | meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch | 43 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch new file mode 100644 index 0000000000..eb459c547f --- /dev/null +++ b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From 7c1813eeec78892fa651046cc224ae4e80d0c94d Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Kenny <darren.kenny@oracle.com> | ||
3 | Date: Fri, 23 Oct 2020 17:09:31 +0000 | ||
4 | Subject: [PATCH] hfsplus: Check that the volume name length is valid | ||
5 | |||
6 | HFS+ documentation suggests that the maximum filename and volume name is | ||
7 | 255 Unicode characters in length. | ||
8 | |||
9 | So, when converting from big-endian to little-endian, we should ensure | ||
10 | that the name of the volume has a length that is between 0 and 255, | ||
11 | inclusive. | ||
12 | |||
13 | Fixes: CID 73641 | ||
14 | |||
15 | Signed-off-by: Darren Kenny <darren.kenny@oracle.com> | ||
16 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
17 | |||
18 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2298f6e0d951251bb9ca97d891d1bc8b74515f8c] | ||
19 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
20 | --- | ||
21 | grub-core/fs/hfsplus.c | 9 +++++++++ | ||
22 | 1 file changed, 9 insertions(+) | ||
23 | |||
24 | diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c | ||
25 | index dae43be..03c3c4c 100644 | ||
26 | --- a/grub-core/fs/hfsplus.c | ||
27 | +++ b/grub-core/fs/hfsplus.c | ||
28 | @@ -1007,6 +1007,15 @@ grub_hfsplus_label (grub_device_t device, char **label) | ||
29 | grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); | ||
30 | |||
31 | label_len = grub_be_to_cpu16 (catkey->namelen); | ||
32 | + | ||
33 | + /* Ensure that the length is >= 0. */ | ||
34 | + if (label_len < 0) | ||
35 | + label_len = 0; | ||
36 | + | ||
37 | + /* Ensure label length is at most 255 Unicode characters. */ | ||
38 | + if (label_len > 255) | ||
39 | + label_len = 255; | ||
40 | + | ||
41 | label_name = grub_calloc (label_len, sizeof (*label_name)); | ||
42 | if (!label_name) | ||
43 | { | ||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 130f32551b..3c5274fd96 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -66,6 +66,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
66 | file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ | 66 | file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ |
67 | file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ | 67 | file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ |
68 | file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ | 68 | file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ |
69 | file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ | ||
69 | " | 70 | " |
70 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" | 71 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" |
71 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" | 72 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |