From bc2335ce74b2f7405bcf41c5e7f0385320df8a0fe7260b6dbf971149f271ee8f Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 17 Dec 2015 02:45:19 +0000 Subject: [PATCH] Accepting request 349095 from home:arvidjaar:branches:Base:System - Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch Fix for CVE-2015-8370. OBS-URL: https://build.opensuse.org/request/show/349095 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=193 --- ...ue-when-reading-username-and-passwor.patch | 54 +++++++++++++++++++ grub2.changes | 6 +++ grub2.spec | 2 + 3 files changed, 62 insertions(+) create mode 100644 0001-Fix-security-issue-when-reading-username-and-passwor.patch diff --git a/0001-Fix-security-issue-when-reading-username-and-passwor.patch b/0001-Fix-security-issue-when-reading-username-and-passwor.patch new file mode 100644 index 0000000..9a93256 --- /dev/null +++ b/0001-Fix-security-issue-when-reading-username-and-passwor.patch @@ -0,0 +1,54 @@ +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Wed, 16 Dec 2015 07:57:18 +0300 +Subject: [PATCH] Fix security issue when reading username and password + +This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +Also-By: Andrey Borzenkov +--- + grub-core/lib/crypto.c | 3 ++- + grub-core/normal/auth.c | 7 +++++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..683a8aa 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) + + if (key == '\b') + { +- cur_len--; ++ if (cur_len) ++ cur_len--; + continue; + } + +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..8615c48 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) + + if (key == '\b') + { +- cur_len--; +- grub_printf ("\b"); ++ if (cur_len) ++ { ++ cur_len--; ++ grub_printf ("\b"); ++ } + continue; + } + +-- +1.9.1 + diff --git a/grub2.changes b/grub2.changes index 6b946e6..f8d5ed2 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Dec 16 05:04:37 UTC 2015 - arvidjaar@gmail.com + +- Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch + Fix for CVE-2015-8370. + ------------------------------------------------------------------- Wed Dec 9 18:13:27 UTC 2015 - arvidjaar@gmail.com diff --git a/grub2.spec b/grub2.spec index e393132..7d8bebb 100644 --- a/grub2.spec +++ b/grub2.spec @@ -205,6 +205,7 @@ Patch68: grub2-btrfs-fix-get_root-key-comparison-failures-due-to-en.patch Patch69: grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch Patch70: grub2-default-distributor.patch Patch71: grub2-menu-unrestricted.patch +Patch72: 0001-Fix-security-issue-when-reading-username-and-passwor.patch # Btrfs snapshot booting related patches Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch Patch102: grub2-btrfs-02-export-subvolume-envvars.patch @@ -479,6 +480,7 @@ mv po/grub.pot po/%{name}.pot %patch69 -p1 %patch70 -p1 %patch71 -p1 +%patch72 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1