b209619f5b
Resolves CVE-2024-45775 CVE-2025-0624 Resolves: #RHEL-75735 Resolves: #RHEL-79837 Signed-off-by: Leo Sandoval <lsandova@redhat.com> Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Alec Brown <alec.r.brown@oracle.com>
|
|
Date: Tue, 4 Feb 2025 15:11:11 +0000
|
|
Subject: [PATCH] normal/menu: Use safe math to avoid an integer overflow
|
|
|
|
The Coverity indicates that the variable current_entry might overflow.
|
|
To prevent this use safe math when adding GRUB_MENU_PAGE_SIZE to current_entry.
|
|
|
|
On the occasion fix limiting condition which was broken.
|
|
|
|
Fixes: CID 473853
|
|
|
|
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/normal/menu.c | 5 ++---
|
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
|
|
index 7e32c498a..ff2bebe82 100644
|
|
--- a/grub-core/normal/menu.c
|
|
+++ b/grub-core/normal/menu.c
|
|
@@ -32,6 +32,7 @@
|
|
#include <grub/script_sh.h>
|
|
#include <grub/gfxterm.h>
|
|
#include <grub/dl.h>
|
|
+#include <grub/safemath.h>
|
|
|
|
/* Time to delay after displaying an error message about a default/fallback
|
|
entry failing to boot. */
|
|
@@ -780,9 +781,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
|
|
|
|
case GRUB_TERM_CTRL | 'c':
|
|
case GRUB_TERM_KEY_NPAGE:
|
|
- if (current_entry + GRUB_MENU_PAGE_SIZE < menu->size)
|
|
- current_entry += GRUB_MENU_PAGE_SIZE;
|
|
- else
|
|
+ if (grub_add (current_entry, GRUB_MENU_PAGE_SIZE, ¤t_entry) || current_entry >= menu->size)
|
|
current_entry = menu->size - 1;
|
|
menu_set_chosen_entry (current_entry);
|
|
break;
|