The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat,
hfsplus, iso9660, squash4, tar, xfs and zfs.
The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
reported by Jonathan Bar Or <jonathanbaror@gmail.com>.
Fixes: CVE-2025-0677
Fixes: CVE-2025-0684
Fixes: CVE-2025-0685
Fixes: CVE-2025-0686
Fixes: CVE-2025-0689
Suggested-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The grub_file_open() and grub_file_close() should be the only places
that allow a reference to a filesystem to stay open. So, add grub_dl_t
to grub_fs_t and set this in the GRUB_MOD_INIT() for each filesystem to
avoid issues when filesystems forget to do it themselves or do not track
their own references, e.g. squash4.
The fs_label(), fs_uuid(), fs_mtime() and fs_read() should all ref and
unref in the same function but it is essentially redundant in GRUB
single threaded model.
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub_strcpy() was used to copy a symlink name from the filesystem
image to a heap allocated buffer. This led to a OOB write to adjacent
heap allocations. Fix by using grub_strlcpy().
Fixes: CVE-2024-45781
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Some filesystems nowadays use 64-bit types for timestamps. So, update
grub_dirhook_info struct to use an grub_int64_t type to store mtime.
This also updates the grub_unixtime2datetime() function to receive
a 64-bit timestamp argument and do 64-bit-safe divisions.
All the remaining conversion from 32-bit to 64-bit should be safe, as
32-bit to 64-bit attributions will be implicitly casted. The most
critical part in the 32-bit to 64-bit conversion is in the function
grub_unixtime2datetime() where it needs to deal with the 64-bit type.
So, for that, the grub_divmod64() helper has been used.
These changes enables the GRUB to support dates beyond y2038.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
* Makefile.util.def (libgrubmods): Add ufs_be.c
* grub-core/Makefile.core.def (ufs1_be): New module.
* grub-core/fs/ufs_be.c: New file.
* grub-core/fs/ufs.c: Declare grub_ufs_to_le* and use them throughout
the file.
* grub-core/fs/ufs.c (INODE): Removed.
(INODE_SIZE): Always use 64-bit byte-swap since size field is always
64-bit.
(INODE_MODE): Simplify.
(grub_ufs_inode): Use uint64_t for size and not int64_t.
(grub_ufs_lookup_symlink): Don't use INODE.
* grub-core/fs/ufs.c (UFS_LOG_BLKSZ): New macro.
(grub_ufs_data): New field log2_blksz.
(grub_ufs_read_file): Use shifts.
(grub_ufs_mount): Check block size and logarithm it.
* grub-core/fs/affs.c (grub_affs_read_file): Use grub_off_t for offset.
* grub-core/fs/afs.c (grub_afs_read_file): Likewise.
* grub-core/fs/fshelp.c (grub_fshelp_find_file): Remove leftover
variable.
* grub-core/fs/hfs.c (grub_hfs_read_file): Use grub_off_t for offset
and connected types.
* grub-core/fs/nilfs2.c (grub_nilfs2_read_file): Use grub_off_t for
offset.
(grub_nilfs2_iterate_dir): Use grub_off_t for fpos.
* grub-core/fs/sfs.c (grub_sfs_read_file): Use grub_off_t for offset.
* grub-core/fs/ufs.c (grub_ufs_read_file): Use grub_off_t for offset
and connected types.
