diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2022-02-18 11:05:27 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-02 00:21:37 +0000 |
commit | e97cfd16602ecfae8f786eebcc750b19a8fa4b05 (patch) | |
tree | c5b5eadcd09d786923f40e8cc1ff449cdd592e5a /meta/recipes-bsp | |
parent | 40d7b770308a4fb349665b52c63f02520857d09e (diff) | |
download | poky-e97cfd16602ecfae8f786eebcc750b19a8fa4b05.tar.gz |
grub: fix an integer overflow
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
-rw-r--r-- | meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch | 50 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000000..dd7fda357d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From 2550aaa0c23fdf8b6c54e00c6b838f2e3aa81fe2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Kenny <darren.kenny@oracle.com> | ||
3 | Date: Thu, 21 Jan 2021 11:38:31 +0000 | ||
4 | Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow | ||
5 | |||
6 | The encrypt and decrypt functions expect a grub_size_t. So, we need to | ||
7 | ensure that the constant bit shift is using grub_size_t rather than | ||
8 | unsigned int when it is performing the shift. | ||
9 | |||
10 | Fixes: CID 307788 | ||
11 | |||
12 | Signed-off-by: Darren Kenny <darren.kenny@oracle.com> | ||
13 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
14 | |||
15 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a201ad17caa430aa710654fdf2e6ab4c8166f031] | ||
16 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
17 | --- | ||
18 | grub-core/disk/cryptodisk.c | 8 ++++---- | ||
19 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
20 | |||
21 | diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c | ||
22 | index 5037768..6883f48 100644 | ||
23 | --- a/grub-core/disk/cryptodisk.c | ||
24 | +++ b/grub-core/disk/cryptodisk.c | ||
25 | @@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, | ||
26 | case GRUB_CRYPTODISK_MODE_CBC: | ||
27 | if (do_encrypt) | ||
28 | err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, | ||
29 | - (1U << dev->log_sector_size), iv); | ||
30 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
31 | else | ||
32 | err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, | ||
33 | - (1U << dev->log_sector_size), iv); | ||
34 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
35 | if (err) | ||
36 | return err; | ||
37 | break; | ||
38 | @@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, | ||
39 | case GRUB_CRYPTODISK_MODE_PCBC: | ||
40 | if (do_encrypt) | ||
41 | err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, | ||
42 | - (1U << dev->log_sector_size), iv); | ||
43 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
44 | else | ||
45 | err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, | ||
46 | - (1U << dev->log_sector_size), iv); | ||
47 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
48 | if (err) | ||
49 | return err; | ||
50 | break; | ||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2fccdc2d62..130f32551b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -65,6 +65,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
65 | file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ | 65 | file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ |
66 | file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ | 66 | file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ |
67 | file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ | 67 | file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ |
68 | file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ | ||
68 | " | 69 | " |
69 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" | 70 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" |
70 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" | 71 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |