grub2/0134-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 24 Jul 2020 17:18:09 +0100
Subject: [PATCH] efilinux: Fix integer overflows in grub_cmd_initrd

These could be triggered by an extremely large number of arguments to
the initrd command on 32-bit architectures, or a crafted filesystem with
very large files on any architecture.

Signed-off-by: Colin Watson <cjwatson@debian.org>
---
 grub-core/loader/i386/efi/linux.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 15d40d6e35..f992ceeef2 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -28,6 +28,8 @@
 #include <grub/efi/efi.h>
 #include <grub/efi/linux.h>
 #include <grub/cpu/efi/memory.h>
+#include <grub/tpm.h>
+#include <grub/safemath.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -206,7 +208,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
       goto fail;
     }
 
-  files = grub_zalloc (argc * sizeof (files[0]));
+  files = grub_calloc (argc, sizeof (files[0]));
   if (!files)
     goto fail;
 
@@ -216,7 +218,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
       if (! files[i])
         goto fail;
       nfiles++;
-      size += ALIGN_UP (grub_file_size (files[i]), 4);
+      if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size))
+	{
+	  grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+	  goto fail;
+	}
     }
 
   initrd_mem = kernel_alloc(size, N_("can't allocate initrd"));
import grub2-2.02-90.el8_3.1 2021-03-02 18:56:20 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00			`From: Colin Watson <cjwatson@debian.org>`
			`Date: Fri, 24 Jul 2020 17:18:09 +0100`
import grub2-2.02-90.el8_3.1 2021-03-02 18:56:20 +00:00			`Subject: [PATCH] efilinux: Fix integer overflows in grub_cmd_initrd`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00
			`These could be triggered by an extremely large number of arguments to`
			`the initrd command on 32-bit architectures, or a crafted filesystem with`
			`very large files on any architecture.`

			`Signed-off-by: Colin Watson <cjwatson@debian.org>`
			`---`
import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`grub-core/loader/i386/efi/linux.c \| 10 ++++++++--`
			`1 file changed, 8 insertions(+), 2 deletions(-)`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00
			`diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c`
import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`index 15d40d6e35..f992ceeef2 100644`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00			`--- a/grub-core/loader/i386/efi/linux.c`
			`+++ b/grub-core/loader/i386/efi/linux.c`
import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`@@ -28,6 +28,8 @@`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00			`#include <grub/efi/efi.h>`
			`#include <grub/efi/linux.h>`
import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`#include <grub/cpu/efi/memory.h>`
			`+#include <grub/tpm.h>`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00			`+#include <grub/safemath.h>`

			`GRUB_MOD_LICENSE ("GPLv3+");`

import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`@@ -206,7 +208,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00			`goto fail;`
			`}`

			`- files = grub_zalloc (argc * sizeof (files[0]));`
			`+ files = grub_calloc (argc, sizeof (files[0]));`
			`if (!files)`
			`goto fail;`

import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`@@ -216,7 +218,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),`
import grub2-2.02-87.el8_2 2020-07-29 17:15:26 +00:00			`if (! files[i])`
			`goto fail;`
			`nfiles++;`
			`- size += ALIGN_UP (grub_file_size (files[i]), 4);`
			`+ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size))`
			`+ {`
			`+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));`
			`+ goto fail;`
			`+ }`
			`}`

import RHEL 10 Beta grub2-2.06-127.el10 2024-11-20 13:39:59 +00:00			`initrd_mem = kernel_alloc(size, N_("can't allocate initrd"));`