diff options
Diffstat (limited to 'meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch')
-rw-r--r-- | meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000000..dd7fda357d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From 2550aaa0c23fdf8b6c54e00c6b838f2e3aa81fe2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Kenny <darren.kenny@oracle.com> | ||
3 | Date: Thu, 21 Jan 2021 11:38:31 +0000 | ||
4 | Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow | ||
5 | |||
6 | The encrypt and decrypt functions expect a grub_size_t. So, we need to | ||
7 | ensure that the constant bit shift is using grub_size_t rather than | ||
8 | unsigned int when it is performing the shift. | ||
9 | |||
10 | Fixes: CID 307788 | ||
11 | |||
12 | Signed-off-by: Darren Kenny <darren.kenny@oracle.com> | ||
13 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
14 | |||
15 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a201ad17caa430aa710654fdf2e6ab4c8166f031] | ||
16 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
17 | --- | ||
18 | grub-core/disk/cryptodisk.c | 8 ++++---- | ||
19 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
20 | |||
21 | diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c | ||
22 | index 5037768..6883f48 100644 | ||
23 | --- a/grub-core/disk/cryptodisk.c | ||
24 | +++ b/grub-core/disk/cryptodisk.c | ||
25 | @@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, | ||
26 | case GRUB_CRYPTODISK_MODE_CBC: | ||
27 | if (do_encrypt) | ||
28 | err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, | ||
29 | - (1U << dev->log_sector_size), iv); | ||
30 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
31 | else | ||
32 | err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, | ||
33 | - (1U << dev->log_sector_size), iv); | ||
34 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
35 | if (err) | ||
36 | return err; | ||
37 | break; | ||
38 | @@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, | ||
39 | case GRUB_CRYPTODISK_MODE_PCBC: | ||
40 | if (do_encrypt) | ||
41 | err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, | ||
42 | - (1U << dev->log_sector_size), iv); | ||
43 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
44 | else | ||
45 | err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, | ||
46 | - (1U << dev->log_sector_size), iv); | ||
47 | + ((grub_size_t) 1 << dev->log_sector_size), iv); | ||
48 | if (err) | ||
49 | return err; | ||
50 | break; | ||