grub/grub-core at 0087bc6902182fe5cedce2d034c75a79cf6dd4f3 - grub - Gitea: Git with a cup of tea.... and pages of fanfiction!

tablet/grub

History

Lidong Chen 0087bc6902 fs/tar: Integer overflow leads to heap OOB write

Both namesize and linksize are derived from hd.size, a 12-digit octal
number parsed by read_number(). Later direct arithmetic calculation like
"namesize + 1" and "linksize + 1" may exceed the maximum value of
grub_size_t leading to heap OOB write. This patch fixes the issue by
using grub_add() and checking for an overflow.

Fixes: CVE-2024-45780

Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>

2025-01-23 16:15:31 +01:00

..

A workaround for clang problem assembling startup_raw.S

2019-04-08 15:22:10 +10:00

build: Fix -Werror=array-bounds array subscript 0 is outside array bounds

2022-04-20 18:27:52 +02:00

ieee1275/tcg2: Refactor grub_ieee1275_tpm_init()

2024-11-28 22:37:50 +01:00

diskfilter: Look up cryptodisk devices first

2024-11-28 21:50:56 +01:00

types: Split aligned and packed guids

2023-11-08 05:04:24 +01:00

font: Try opening fonts from the bundled memdisk

2023-05-16 18:51:12 +02:00

fs/tar: Integer overflow leads to heap OOB write

2025-01-23 16:15:31 +01:00

misc: Spelling fixes

2023-01-19 17:39:04 +01:00

gfxmenu: Remove trailing whitespaces

2022-03-14 15:45:59 +01:00

gfxmenu/view: Resolve false grub_errno disrupting boot process

2024-04-11 15:48:25 +02:00

* grub-core/commands/gptsync.c: Fix typographic quoting.

2012-03-03 13:05:08 +01:00

* grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic

2011-11-11 21:03:49 +01:00

io/gzio: Properly init a table

2024-06-06 16:55:15 +02:00

tpm2_key_protector: Add grub-emu support

2024-11-28 21:50:56 +01:00

ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware

2024-11-28 22:57:09 +01:00

loader/multiboot: Do not add modules before successful download

2024-10-31 16:29:01 +01:00

efi: Drop all uses of efi_call_XX() wrappers

2023-05-25 16:48:00 +02:00

net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration

2024-10-10 12:38:47 +02:00

efi/console: Properly clear leftover artifacts from the screen

2024-10-10 12:36:56 +02:00

osdep/devmapper/getroot: Unmark 2 strings for translation

2024-06-20 19:14:41 +02:00

gpt: Add compile time asserts for guid and gpt_partentry sizes

2023-11-08 05:05:06 +01:00

types: Make bool generally available

2022-11-14 17:17:21 +01:00

script: Remove trailing whitespaces

2022-03-14 15:59:45 +01:00

ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID

2024-11-28 22:15:29 +01:00

asn1_test: Test module for libtasn1

2024-11-28 21:50:54 +01:00

video/efi_gop: Require shadow if PixelBltOnly

2023-08-31 17:21:40 +02:00

gdb_grub.in

gdb: Add extra early initialization symbols for i386-pc

2023-03-14 16:07:54 +01:00

gdb_helper.py.in

gdb: Modify gdb prompt when running gdb_grub script

2023-03-14 16:07:54 +01:00

genemuinit.sh

use MODULE_FILES for genemuinit* instead of MOD_FILES

2014-01-18 23:15:40 +04:00

genemuinitheader.sh

use MODULE_FILES for genemuinit* instead of MOD_FILES

2014-01-18 23:15:40 +04:00

genmod.sh.in

modules: Strip .llvm_addrsig sections and similar

2024-10-10 13:18:00 +02:00

genmoddep.awk

build: Track explicit module dependencies in Makefile.core.def

2024-05-09 15:04:54 +02:00

gensyminfo.sh.in

Fix shebang for termux.

2017-05-03 12:49:31 +02:00

gensymlist.sh

config: Where present, ensure config-util.h precedes config.h

2022-03-21 18:47:16 +01:00

gentrigtables.c

* grub-core/gentrigtables.c: Make tables const.

2013-03-01 11:15:09 +01:00

Makefile.am

key_protector: Add key protectors framework

2024-11-28 21:50:55 +01:00

Makefile.core.def

tpm2_key_protector: Enable build for powerpc_ieee1275

2024-11-28 23:02:24 +01:00

modinfo.sh.in

Fix shebang for termux.

2017-05-03 12:49:31 +02:00