diff --git a/Fix-the-size-calculation-for-the-synthesized-initrd.patch b/Fix-the-size-calculation-for-the-synthesized-initrd.patch new file mode 100644 index 0000000..8c4e2c1 --- /dev/null +++ b/Fix-the-size-calculation-for-the-synthesized-initrd.patch @@ -0,0 +1,86 @@ +From d441356c924102b43b303520cc1c62a624b014d6 Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Thu, 26 Oct 2023 13:18:24 +0800 +Subject: [PATCH] Fix the size calculation for the synthesized initrd + +When calculating the size of the synthesized initrd in +grub_initrd_component(), the ending "TRAILER!!!" is counted in for every +synthesized initrd. However, in grub_initrd_load(), only one "TRAILER!!!" +will be appended for one group of consecutive synthesized initrds. The +additional size calculation for the ending "TRAILER!!!" could make the +linux kernel to read uninitialized bytes and result in the error message +like this: + +Initramfs unpacking failed: invalid magic at start of compressed archive + +To fit into the original 'newc' design, the ending "TRAILER!!!" is +removed from grub_initrd_component(). Instead, in grub_initrd_init(), +the 'newc' flag is set when calculating size of the synthesized initrd +to append the ending "TRAILER!!!" later. As for grub_initrd_load(), +since the path to the unsealed key is specified in 'newc_name', it's +unnecessary to set the 'newc' flag while copying the unsealed key +because the flag is already set when parsing the path name. + +Signed-off-by: Gary Lin +--- + grub-core/loader/linux.c | 23 ++++++++--------------- + 1 file changed, 8 insertions(+), 15 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 4e028f5..9ee8f37 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -209,13 +209,6 @@ grub_initrd_component (const char *buf, int bufsz, const char *newc_name, + &initrd_ctx->size)) + goto overflow; + +- initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); +- if (grub_add (initrd_ctx->size, +- ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4), +- &initrd_ctx->size)) +- goto overflow; +- + free_dir (root); + root = 0; + return GRUB_ERR_NONE; +@@ -312,6 +305,13 @@ grub_initrd_init (int argc, char *argv[], + goto overflow; + } + ++ FOR_LIST_ELEMENTS (pk, kpuber) ++ if (pk->key && pk->path) ++ { ++ grub_initrd_component (pk->key, pk->key_len, pk->path, initrd_ctx); ++ newc = 1; ++ } ++ + if (newc) + { + initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); +@@ -324,10 +324,6 @@ grub_initrd_init (int argc, char *argv[], + root = 0; + } + +- FOR_LIST_ELEMENTS (pk, kpuber) +- if (pk->key && pk->path) +- grub_initrd_component (pk->key, pk->key_len, pk->path, initrd_ctx); +- + return GRUB_ERR_NONE; + + overflow: +@@ -404,10 +400,7 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + + cursize = initrd_ctx->components[i].size; + if (initrd_ctx->components[i].buf) +- { +- grub_memcpy (ptr, initrd_ctx->components[i].buf, cursize); +- newc = 1; +- } ++ grub_memcpy (ptr, initrd_ctx->components[i].buf, cursize); + else if (grub_file_read (initrd_ctx->components[i].file, ptr, cursize) + != cursize) + { +-- +2.35.3 + diff --git a/grub2.changes b/grub2.changes index bc3741b..c106789 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Oct 26 06:04:54 UTC 2023 - Gary Ching-Pang Lin + +- Fix a potential error when appending multiple keys into the + synthesized initrd + * Fix-the-size-calculation-for-the-synthesized-initrd.patch + ------------------------------------------------------------------- Wed Oct 25 01:56:09 UTC 2023 - Michael Chang diff --git a/grub2.spec b/grub2.spec index dd80a47..e93700c 100644 --- a/grub2.spec +++ b/grub2.spec @@ -388,6 +388,7 @@ Patch195: 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch Patch196: 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch Patch197: 0006-fs-ntfs-Make-code-more-readable.patch Patch198: 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch +Patch199: Fix-the-size-calculation-for-the-synthesized-initrd.patch Requires: gettext-runtime %if 0%{?suse_version} >= 1140