rpms/grub2
6
0
Fork 0
Code Issues Pull Requests Releases Activity
9e9b890c89
grub2/0450-loader-i386-bsd-Use-safe-math-to-avoid-underflow.patch
Nicolas Frayer 6eaa34fe07 Add several CVE fixes 
- Resolves: CVE-2024-45779 CVE-2024-45778 CVE-2025-1118
- Resolves: CVE-2025-0677 CVE-2024-45782 CVE-2025-0690
- Resolves: CVE-2024-45783 CVE-2025-0624 CVE-2024-45776
- Resolves: CVE-2025-0622 CVE-2024-45774 CVE-2024-45775
- Resolves: CVE-2024-45781 CVE-2024-45780
- Resolves: #RHEL-79700
- Resolves: #RHEL-79341
- Resolves: #RHEL-79875
- Resolves: #RHEL-79849
- Resolves: #RHEL-79707
- Resolves: #RHEL-79857
- Resolves: #RHEL-79709
- Resolves: #RHEL-79846
- Resolves: #RHEL-75737
- Resolves: #RHEL-79713
- Resolves: #RHEL-73785
- Resolves: #RHEL-73787
- Resolves: #RHEL-79704
- Resolves: #RHEL-79702

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2025-02-18 19:06:15 +01:00

57 lines
2.0 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 5 Feb 2025 22:04:08 +0000
Subject: [PATCH] loader/i386/bsd: Use safe math to avoid underflow
The operation kern_end - kern_start may underflow when we input it into
grub_relocator_alloc_chunk_addr() call. To avoid this we can use safe
math for this subtraction.
Fixes: CID 73845
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/i386/bsd.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
index 54befc266..939628f9e 100644
--- a/grub-core/loader/i386/bsd.c
+++ b/grub-core/loader/i386/bsd.c
@@ -1341,6 +1341,7 @@ static grub_err_t
grub_bsd_load_elf (grub_elf_t elf, const char *filename)
{
grub_err_t err;
+ grub_size_t sz;
kern_end = 0;
kern_start = ~0;
@@ -1371,8 +1372,11 @@ grub_bsd_load_elf (grub_elf_t elf, const char *filename)
if (grub_errno)
return grub_errno;
- err = grub_relocator_alloc_chunk_addr (relocator, &ch,
- kern_start, kern_end - kern_start);
+
+ if (grub_sub (kern_end, kern_start, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while determining size of kernel for relocator");
+
+ err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start, sz);
if (err)
return err;
@@ -1432,8 +1436,10 @@ grub_bsd_load_elf (grub_elf_t elf, const char *filename)
{
grub_relocator_chunk_t ch;
- err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start,
- kern_end - kern_start);
+ if (grub_sub (kern_end, kern_start, &sz))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "underflow detected while determining size of kernel for relocator");
+
+ err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start, sz);
if (err)
return err;
kern_chunk_src = get_virtual_current_address (ch);
Reference in New Issue View Git Blame Copy Permalink