tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commands/usbtest: Use correct string length field

Browse Source 
An incorrect length field is used for buffer allocation. This leads to
grub_utf16_to_utf8() receiving an incorrect/different length and possibly
causing OOB write. This makes sure to use the correct length.

Fixes: CVE-2025-61661

Reported-by: Jamie <volticks@gmail.com>
Signed-off-by: Jamie <volticks@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Jamie 2025-07-14 09:52:59 +01:00 committed by Daniel Kiper
parent 9df1e693e7
commit 549a9cc372
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
grub-core/commands/usbtest.c
View File

@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
return GRUB_USB_ERR_NONE; return GRUB_USB_ERR_NONE;
} }
*string = grub_malloc (descstr.length * 2 + 1); *string = grub_malloc (descstrp->length * 2 + 1);
if (! *string) if (! *string)
{ {
grub_free (descstrp); grub_free (descstrp);