From 832cd1c6c3af71de697aaeaae293f1fccddf60d0 Mon Sep 17 00:00:00 2001
From: Hector Marco-Gisbert <hecmargi@upv.es>
Date: Wed, 16 Dec 2015 07:57:18 +0300
Subject: Fix security issue when reading username and password
This patch fixes two integer underflows at:
* grub-core/lib/crypto.c
* grub-core/normal/auth.c
CVE-2015-8370
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
Bug-Debian: https://bugs.debian.org/808122
Last-Update: 2015-12-16
Patch-Name: CVE-2015-8370.patch
---
grub-core/lib/crypto.c | 3 ++-
grub-core/normal/auth.c | 7 +++++--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 8e8426c..571992c 100644
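--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned buf_size)
 
 if (key == '\b')
 {
- cur_len--;
+ if (cur_len)
+ cur_len--;
 continue;
 }
 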
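Review bot: The new `if (cur_len)` guard in the `'\b'` branch of grub_password_get has no comment explaining why it is there, and the reason is not obvious from the line alone. The signature shows `unsigned buf_size` and the commit message calls this an integer underflow, so cur_len is presumably unsigned and a decrement at zero would wrap to a very large value that is later used against `buf`. I would add `/* Ignore backspace on an empty buffer: cur_len would wrap and later accesses to buf would fall outside it (CVE-2015-8370). */` above the guard. The loop and the code that consumes cur_len lie outside the hunk, so it is worth confirming there that every write and the final clear of the password buffer are bounded by buf_size.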
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index c6bd96e..8615c48 100644
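--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
 
 if (key == '\b')
 {
- cur_len--;
- grub_printf ("\b");
+ if (cur_len)
+ {
+ cur_len--;
+ grub_printf ("\b");
+ }
 continue;
 }
 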
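Review bot: The empty-buffer check is now written twice, once here in grub_username_get and once in grub_password_get (grub-core/lib/crypto.c), which suggests the two functions keep separate copies of the same key-reading loop. Moving that loop into one shared helper that takes `buf`, `buf_size` and an echo flag would put the length bookkeeping and its bounds checks in a single place, so a future fix cannot land in only one copy. Whichever way it is structured, a regression test that sends backspaces before any printable key and then checks that cur_len stays at zero and that nothing outside `buf` is touched would pin this behaviour. The rest of grub_username_get lies outside the hunk, so how cur_len is used after the loop could not be checked from here.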