grub2/0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
Michael Chang 005c99a035 Accepting request 942210 from home:michael-chang:branches:Base:System
- Fix CVE-2021-3981 (bsc#1189644)
  * 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch

- Fix can't allocate initrd error (bsc#1191378) 
  * 0001-Factor-out-grub_efi_linux_boot.patch
  * 0002-Fix-race-in-EFI-validation.patch
  * 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
  * 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
  * 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
  * 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
  * 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
  * 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
  * 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
  * 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
  * 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch

OBS-URL: https://build.opensuse.org/request/show/942210
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=400
2021-12-27 06:21:59 +00:00

53 lines
1.6 KiB
Diff

From 1fc593b372bfe9bba82f4c59236d5a0cffebd8e2 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 24 Jul 2020 17:18:09 +0100
Subject: [PATCH 10/11] efilinux: Fix integer overflows in grub_cmd_initrd
These could be triggered by an extremely large number of arguments to
the initrd command on 32-bit architectures, or a crafted filesystem with
very large files on any architecture.
Signed-off-by: Colin Watson <cjwatson@debian.org>
---
grub-core/loader/i386/efi/linux.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 652212227..6b06a8f2f 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -28,6 +28,8 @@
#include <grub/efi/efi.h>
#include <grub/efi/linux.h>
#include <grub/cpu/efi/memory.h>
+#include <grub/tpm.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -206,7 +208,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- files = grub_zalloc (argc * sizeof (files[0]));
+ files = grub_calloc (argc, sizeof (files[0]));
if (!files)
goto fail;
@@ -217,7 +219,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
if (! files[i])
goto fail;
nfiles++;
- size += ALIGN_UP (grub_file_size (files[i]), 4);
+ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ goto fail;
+ }
}
initrd_mem = kernel_alloc(size, N_("can't allocate initrd"));
--
2.31.1