grub2/0269-modules-make-.module_license-read-only.patch
Robbie Harwood 42b3050a74 CVE fixes for 2022-05-24
CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Resolves: #2070688

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 14:09:47 -04:00

32 lines
1.3 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 24 Feb 2022 16:32:51 -0500
Subject: [PATCH] modules: make .module_license read-only
Currently .module_license is set writable (that is, the section has the
SHF_WRITE flag set) in the module's ELF headers. This probably never
actually matters, but it can't possibly be correct.
This patch sets that data as "const", which causes that flag not to be
set.
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 2eff3e2c9d9e6b75daa81b840c96f112ef7d5de6)
---
include/grub/dl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/grub/dl.h b/include/grub/dl.h
index 20d870f2a4..618ae6f474 100644
--- a/include/grub/dl.h
+++ b/include/grub/dl.h
@@ -121,7 +121,7 @@ grub_mod_fini (void)
#define ATTRIBUTE_USED __unused__
#endif
#define GRUB_MOD_LICENSE(license) \
- static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license;
+ static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license;
#define GRUB_MOD_DEP(name) \
static const char grub_module_depend_##name[] \
__attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name