加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
0311-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 1.57 KB
一键复制 编辑 原始数据 按行查看 历史
geliwei 提交于 2022-04-13 15:15 . update to grub2-2.02-120.el8.src.rpm
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 24 Jul 2020 17:18:09 +0100
Subject: [PATCH] efilinux: Fix integer overflows in grub_cmd_initrd
These could be triggered by an extremely large number of arguments to
the initrd command on 32-bit architectures, or a crafted filesystem with
very large files on any architecture.
Signed-off-by: Colin Watson <cjwatson@debian.org>
---
grub-core/loader/i386/efi/linux.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index ea9f5134e..ade7ab8f5 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -28,6 +28,7 @@
#include <grub/efi/efi.h>
#include <grub/efi/linux.h>
#include <grub/tpm.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- files = grub_zalloc (argc * sizeof (files[0]));
+ files = grub_calloc (argc, sizeof (files[0]));
if (!files)
goto fail;
@@ -105,7 +106,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
if (! files[i])
goto fail;
nfiles++;
- size += ALIGN_UP (grub_file_size (files[i]), 4);
+ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ goto fail;
+ }
}
initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size));
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化