tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gettext: Integer overflow leads to heap OOB write or read

Browse Source 
Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may
overflow leading to subsequent OOB write or read. This patch fixes the
issue by replacing grub_zalloc() and explicit multiplication with
grub_calloc() which does the same thing in safe manner.

Fixes: CVE-2024-45776

Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
This commit is contained in:
Lidong Chen 2024-11-22 06:27:56 +00:00 committed by Daniel Kiper
parent 7580addfc8
commit 09bd6eb58b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
grub-core/gettext/gettext.c
View File

@ -323,8 +323,8 @@ grub_mofile_open (struct grub_gettext_context *ctx,
for (ctx->grub_gettext_max_log = 0; ctx->grub_gettext_max >> ctx->grub_gettext_max_log;
ctx->grub_gettext_max_log++);
ctx->grub_gettext_msg_list = grub_zalloc (ctx->grub_gettext_max
* sizeof (ctx->grub_gettext_msg_list[0]));
ctx->grub_gettext_msg_list = grub_calloc (ctx->grub_gettext_max,
sizeof (ctx->grub_gettext_msg_list[0]));
if (!ctx->grub_gettext_msg_list)
{
grub_file_close (fd);