2b76639968
- 0004-tpm-Rework-linux-command.patch : Fix out of bound memory copy (bsc#1029187) OBS-URL: https://build.opensuse.org/request/show/480763 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=265
105 lines
3.4 KiB
Diff
105 lines
3.4 KiB
Diff
From 9f12cf163e56d3b5f03c8a5da94dc501032312eb Mon Sep 17 00:00:00 2001
|
|
From: Matthew Garrett <mjg59@coreos.com>
|
|
Date: Sun, 9 Aug 2015 16:12:39 -0700
|
|
Subject: [PATCH 04/11] Rework linux command
|
|
|
|
We want a single buffer that contains the entire kernel image in order to
|
|
perform a TPM measurement. Allocate one and copy the entire kernel into it
|
|
before pulling out the individual blocks later on.
|
|
---
|
|
grub-core/loader/i386/linux.c | 34 +++++++++++++++++++++-------------
|
|
1 file changed, 21 insertions(+), 13 deletions(-)
|
|
|
|
Index: grub-2.02~rc1/grub-core/loader/i386/linux.c
|
|
===================================================================
|
|
--- grub-2.02~rc1.orig/grub-core/loader/i386/linux.c
|
|
+++ grub-2.02~rc1/grub-core/loader/i386/linux.c
|
|
@@ -680,12 +680,13 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
grub_file_t file = 0;
|
|
struct linux_kernel_header lh;
|
|
grub_uint8_t setup_sects;
|
|
- grub_size_t real_size, prot_size, prot_file_size;
|
|
+ grub_size_t real_size, prot_size, prot_file_size, kernel_offset;
|
|
grub_ssize_t len;
|
|
int i;
|
|
grub_size_t align, min_align;
|
|
int relocatable;
|
|
grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR;
|
|
+ grub_uint8_t *kernel = NULL;
|
|
|
|
grub_dl_ref (my_mod);
|
|
|
|
@@ -699,7 +700,15 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
if (! file)
|
|
goto fail;
|
|
|
|
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
|
|
+ len = grub_file_size (file);
|
|
+ kernel = grub_malloc (len);
|
|
+ if (!kernel)
|
|
+ {
|
|
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
|
|
+ goto fail;
|
|
+ }
|
|
+
|
|
+ if (grub_file_read (file, kernel, len) != len)
|
|
{
|
|
if (!grub_errno)
|
|
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
@@ -707,6 +716,9 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
goto fail;
|
|
}
|
|
|
|
+ grub_memcpy (&lh, kernel, sizeof (lh));
|
|
+ kernel_offset = sizeof (lh);
|
|
+
|
|
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
|
|
{
|
|
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
|
|
@@ -806,13 +818,9 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
linux_params.ps_mouse = linux_params.padding10 = 0;
|
|
|
|
len = sizeof (linux_params) - sizeof (lh);
|
|
- if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len)
|
|
- {
|
|
- if (!grub_errno)
|
|
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
- argv[0]);
|
|
- goto fail;
|
|
- }
|
|
+
|
|
+ grub_memcpy ((char *)&linux_params + sizeof (lh), kernel + kernel_offset, len);
|
|
+ kernel_offset += len;
|
|
|
|
linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
|
|
|
|
@@ -871,7 +879,7 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
|
|
/* The other parameters are filled when booting. */
|
|
|
|
- grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE);
|
|
+ kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE;
|
|
|
|
grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n",
|
|
(unsigned) real_size, (unsigned) prot_size);
|
|
@@ -1016,9 +1024,7 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
- (sizeof (LINUX_IMAGE) - 1));
|
|
|
|
len = prot_file_size;
|
|
- if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
|
|
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
- argv[0]);
|
|
+ grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
|
|
|
|
if (grub_errno == GRUB_ERR_NONE)
|
|
{
|
|
@@ -1029,6 +1035,8 @@ grub_cmd_linux (grub_command_t cmd __att
|
|
|
|
fail:
|
|
|
|
+ grub_free (kernel);
|
|
+
|
|
if (file)
|
|
grub_file_close (file);
|
|
|