| Upstream-Status: Accepted |
| CVE: CVE-2015-8370 |
| Signed-off-by: Awais Belal <awais_belal@mentor.com> |
| |
| From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 |
| From: Hector Marco-Gisbert <hecmargi@upv.es> |
| Date: Wed, 16 Dec 2015 04:57:18 +0000 |
| Subject: Fix security issue when reading username and password |
| |
| This patch fixes two integer underflows at: |
| * grub-core/lib/crypto.c |
| * grub-core/normal/auth.c |
| |
| CVE-2015-8370 |
| |
| Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> |
| Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> |
| Also-By: Andrey Borzenkov <arvidjaar@gmail.com> |
| --- |
| diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c |
| index 010e550..683a8aa 100644 |
| --- a/grub-core/lib/crypto.c |
| +++ b/grub-core/lib/crypto.c |
| @@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) |
| |
| if (key == '\b') |
| { |
| - cur_len--; |
| + if (cur_len) |
| + cur_len--; |
| continue; |
| } |
| |
| diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c |
| index c6bd96e..8615c48 100644 |
| --- a/grub-core/normal/auth.c |
| +++ b/grub-core/normal/auth.c |
| @@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) |
| |
| if (key == '\b') |
| { |
| - cur_len--; |
| - grub_printf ("\b"); |
| + if (cur_len) |
| + { |
| + cur_len--; |
| + grub_printf ("\b"); |
| + } |
| continue; |
| } |
| |
| -- |
| cgit v0.9.0.2 |