Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 1 | Upstream-Status: Accepted |
| 2 | CVE: CVE-2015-8370 |
| 3 | Signed-off-by: Awais Belal <awais_belal@mentor.com> |
| 4 | |
| 5 | From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 |
| 6 | From: Hector Marco-Gisbert <hecmargi@upv.es> |
| 7 | Date: Wed, 16 Dec 2015 04:57:18 +0000 |
| 8 | Subject: Fix security issue when reading username and password |
| 9 | |
| 10 | This patch fixes two integer underflows at: |
| 11 | * grub-core/lib/crypto.c |
| 12 | * grub-core/normal/auth.c |
| 13 | |
| 14 | CVE-2015-8370 |
| 15 | |
| 16 | Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> |
| 17 | Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> |
| 18 | Also-By: Andrey Borzenkov <arvidjaar@gmail.com> |
| 19 | --- |
| 20 | diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c |
| 21 | index 010e550..683a8aa 100644 |
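--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
 
 if (key == '\b')
 {
- cur_len--;
+ if (cur_len)
+ cur_len--;
 continue;
 }
 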
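Review bot: The new `if (cur_len)` guard in grub_password_get has no comment saying why it exists, and the same holds for the matching guard in grub_username_get in grub-core/normal/auth.c. The commit message says the decrement underflowed; cur_len's declaration is outside the hunk, but if it is unsigned like the `unsigned buf_size` parameter, a backspace on empty input would wrap it to a huge value that is presumably used later as an offset into buf. I would put `/* Backspace on empty input must not decrement: cur_len would wrap (CVE-2015-8370). */` above each guard so a later cleanup does not remove it. The function body starts and ends outside the hunk, so the upper bound of cur_len against buf_size still needs to be confirmed there.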
| 34 | diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c |
| 35 | index c6bd96e..8615c48 100644 |
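--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
 
 if (key == '\b')
 {
- cur_len--;
- grub_printf ("\b");
+ if (cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
+ }
 continue;
 }
 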
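Review bot: `grub_printf ("\b");` inside the guarded branch only moves the cursor left, so on most terminals the deleted character probably stays on screen until something overwrites it. The echoed username can then disagree with what buf actually holds when it is submitted. Consider `grub_printf ("\b \b");` to blank the cell as well. This behaviour predates the patch and is separate from the underflow fix; the rest of grub_username_get lies outside the hunk.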
| 52 | -- |
| 53 | cgit v0.9.0.2 |