grub: Security fix CVE-2015-8370

CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup (From OE-Core rev: b63e3b57b47e95003a1fb014f90333c327681d5b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-01-31 07:46:32 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-04 23:20:16 +0000
commit: 9a88c1d25561fd3713da4d9bd831feb895da6b19 (patch)
tree: 21de4f7ad9a59cc881fb8e91f56c4fafd7ce1309 /meta
parent: 443b09a61d0611d637ac5c1d1bfc5d6d78e1f184 (diff)
download: poky-9a88c1d25561fd3713da4d9bd831feb895da6b19.tar.gz
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2015-8370.patch b/meta/recipes-bsp/grub/files/CVE-2015-8370.patch
new file mode 100644
index 0000000000..78f514e03d
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2015-8370.patch
@@ -0,0 +1,59 @@
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Wed, 16 Dec 2015 07:57:18 +0300
+Subject: [PATCH] Fix security issue when reading username and password
+This patch fixes two integer underflows at:
+  * grub-core/lib/crypto.c
+  * grub-core/normal/auth.c
+CVE-2015-8370
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
+Upstream-Status: Backport
+http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
+CVE: CVE-2015-8370
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ grub-core/lib/crypto.c  | 3 ++-
+ grub-core/normal/auth.c | 7 +++++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+Index: git/grub-core/lib/crypto.c
+===================================================================
+--- git.orig/grub-core/lib/crypto.c
+++ git/grub-core/lib/crypto.c
+@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
+ 
+       if (key == '\b')
+        {
+-         cur_len--;
+         if (cur_len)
+           cur_len--;
+          continue;
+        }
+ 
+Index: git/grub-core/normal/auth.c
+===================================================================
+--- git.orig/grub-core/normal/auth.c
+++ git/grub-core/normal/auth.c
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
+ 
+       if (key == '\b')
+        {
+-         cur_len--;
+-         grub_printf ("\b");
+         if (cur_len)
+           {
+             cur_len--;
+             grub_printf ("\b");
+           }
+          continue;
+        }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 312771b47f..fe2407cef0 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -27,6 +27,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
           file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
           file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
           file://grub2-fix-initrd-size-bug.patch \
+           file://CVE-2015-8370.patch \
            "
 DEPENDS = "flex-native bison-native xz"
author	Armin Kuster <akuster@mvista.com>	2016-01-31 07:46:32 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-04 23:20:16 +0000
commit	9a88c1d25561fd3713da4d9bd831feb895da6b19 (patch)
tree	21de4f7ad9a59cc881fb8e91f56c4fafd7ce1309 /meta
parent	443b09a61d0611d637ac5c1d1bfc5d6d78e1f184 (diff)
download	poky-9a88c1d25561fd3713da4d9bd831feb895da6b19.tar.gz

diff --git a/meta/recipes-bsp/grub/files/CVE-2015-8370.patch b/meta/recipes-bsp/grub/files/CVE-2015-8370.patch new file mode 100644 index 0000000000..78f514e03d --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2015-8370.patch
@@ -0,0 +1,59 @@
		1	From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
		2	From: Hector Marco-Gisbert <hecmargi@upv.es>
		3	Date: Wed, 16 Dec 2015 07:57:18 +0300
		4	Subject: [PATCH] Fix security issue when reading username and password
		5
		6	This patch fixes two integer underflows at:
		7	* grub-core/lib/crypto.c
		8	* grub-core/normal/auth.c
		9
		10	CVE-2015-8370
		11
		12	Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
		13	Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
		14	Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
		15
		16	Upstream-Status: Backport
		17
		18	http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
		19
		20	CVE: CVE-2015-8370
		21	Signed-off-by: Armin Kuster <akuster@mvista.com>
		22
		23	---
		24	grub-core/lib/crypto.c \| 3 ++-
		25	grub-core/normal/auth.c \| 7 +++++--
		26	2 files changed, 7 insertions(+), 3 deletions(-)
		27
		28	Index: git/grub-core/lib/crypto.c
		29	===================================================================
		30	--- git.orig/grub-core/lib/crypto.c
		31	+++ git/grub-core/lib/crypto.c
		32	@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
		33
		34	if (key == '\b')
		35	{
		36	- cur_len--;
		37	+ if (cur_len)
		38	+ cur_len--;
		39	continue;
		40	}
		41
		42	Index: git/grub-core/normal/auth.c
		43	===================================================================
		44	--- git.orig/grub-core/normal/auth.c
		45	+++ git/grub-core/normal/auth.c
		46	@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
		47
		48	if (key == '\b')
		49	{
		50	- cur_len--;
		51	- grub_printf ("\b");
		52	+ if (cur_len)
		53	+ {
		54	+ cur_len--;
		55	+ grub_printf ("\b");
		56	+ }
		57	continue;
		58	}
		59


diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 312771b47f..fe2407cef0 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -27,6 +27,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
27	file://0001-Unset-need_charset_alias-when-building-for-musl.patch \	27	file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
28	file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \	28	file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
29	file://grub2-fix-initrd-size-bug.patch \	29	file://grub2-fix-initrd-size-bug.patch \
		30	file://CVE-2015-8370.patch \
30	"	31	"
31		32
32	DEPENDS = "flex-native bison-native xz"	33	DEPENDS = "flex-native bison-native xz"