grub/fs at 0087bc6902182fe5cedce2d034c75a79cf6dd4f3 - grub - Gitea: Git with a cup of tea.... and pages of fanfiction!

tablet/grub

History

Lidong Chen 0087bc6902 fs/tar: Integer overflow leads to heap OOB write

Both namesize and linksize are derived from hd.size, a 12-digit octal
number parsed by read_number(). Later direct arithmetic calculation like
"namesize + 1" and "linksize + 1" may exceed the maximum value of
grub_size_t leading to heap OOB write. This patch fixes the issue by
using grub_add() and checking for an overflow.

Fixes: CVE-2024-45780

Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>

2025-01-23 16:15:31 +01:00

..

fs/zfs/zfs: Add support for zstd compression

2024-06-20 15:43:23 +02:00

affs.c

fs/affs: Fix memory leaks in grub_affs_create_node()

2022-12-07 23:38:25 +01:00

afs.c

Leverage BFS implementation to read AFS.

2011-10-30 16:10:18 +01:00

archelp.c

fs/archelp: If path given to grub_archelp_dir() is not a directory return error

2023-08-14 18:07:24 +02:00

bfs.c

fs/bfs: Fix improper grub_free() on non-existing files

2024-06-06 16:55:15 +02:00

btrfs.c

fs/btrfs: Zero file data not backed by extents

2023-10-12 19:01:45 +02:00

cbfs.c

build: Fix -Werror=array-bounds array subscript 0 is outside array bounds

2022-04-20 18:27:52 +02:00

cpio_be.c

Add gcc_struct to all packed structures when compiling with mingw.

2013-12-15 14:14:30 +01:00

cpio_common.c

fs: Remove trailing whitespaces

2022-03-14 15:45:30 +01:00

cpio.c

Add gcc_struct to all packed structures when compiling with mingw.

2013-12-15 14:14:30 +01:00

erofs.c

fs/erofs: Replace 64-bit modulo with bitwise operations

2024-09-05 17:08:38 +02:00

exfat.c

exfat reader

2011-04-11 18:13:00 +02:00

ext2.c

fs/ext2: Ignore the large_dir incompat feature

2022-10-04 16:00:51 +02:00

f2fs.c

fs/f2fs: Fix off-by-one error in nat journal entries check

2023-01-19 17:39:05 +01:00

fat.c

fs/fat: Don't error when mtime is 0

2022-07-27 19:20:53 +02:00

fshelp.c

fs: Remove trailing whitespaces

2022-03-14 15:45:30 +01:00

hfs.c

fs/hfs: Fix stack OOB write with grub_strcpy()

2025-01-16 15:05:23 +01:00

hfsplus.c

fs/hfsplus: Set grub_errno to prevent NULL pointer access

2023-05-17 18:19:02 +02:00

hfspluscomp.c

disk: Allow read hook callback to take read buffer to potentially modify it

2022-07-04 14:43:25 +02:00

iso9660.c

fs/iso9660: Delay CE hop until end of current SUSP area

2023-04-13 14:45:47 +02:00

jfs.c

fs/jfs: Clean up redundant code

2024-01-25 18:08:48 +01:00

minix2_be.c

Handle big-endian minixfs (fixes minixfs tests on bigendian).

2012-04-01 21:35:18 +02:00

minix2.c

Split minix.mod into minix.mod and minix2.mod.

2010-09-08 19:13:48 +02:00

minix3_be.c

Handle big-endian minixfs (fixes minixfs tests on bigendian).

2012-04-01 21:35:18 +02:00

minix3.c

minix3fs support

2011-04-11 08:16:13 +02:00

minix_be.c

Handle big-endian minixfs (fixes minixfs tests on bigendian).

2012-04-01 21:35:18 +02:00

minix.c

fs/minix: Fix memory leaks in grub_minix_lookup_symlink()

2022-12-07 23:38:26 +01:00

newc.c

Add gcc_struct to all packed structures when compiling with mingw.

2013-12-15 14:14:30 +01:00

nilfs2.c

fs: Remove trailing whitespaces

2022-03-14 15:45:30 +01:00

ntfs.c

fs/ntfs: Make code more readable

2023-10-03 15:38:48 +02:00

ntfscomp.c

disk: Allow read hook callback to take read buffer to potentially modify it

2022-07-04 14:43:25 +02:00

odc.c

Add gcc_struct to all packed structures when compiling with mingw.

2013-12-15 14:14:30 +01:00

proc.c

Change fs functions to add fs_ prefix

2019-04-09 10:03:29 +10:00

reiserfs.c

fs: Remove trailing whitespaces

2022-03-14 15:45:30 +01:00

romfs.c

fs: Remove trailing whitespaces

2022-03-14 15:45:30 +01:00

sfs.c

fs/sfs: Fix over-read of root object name

2021-03-02 15:54:18 +01:00

squash4.c

fs/squash4: Fix memory leaks in grub_squash_iterate_dir()

2022-12-07 23:38:26 +01:00

tar.c

fs/tar: Integer overflow leads to heap OOB write

2025-01-23 16:15:31 +01:00

udf.c

fs/udf: Fix out of bounds access

2023-06-13 14:48:38 +02:00

ufs2.c

automake commit without merge history

2010-05-06 11:34:04 +05:30

ufs_be.c

Support big-endian UFS1.

2012-12-08 20:56:58 +01:00

ufs.c

fs/ufs: Fix a heap OOB write

2024-12-02 17:32:51 +01:00

xfs.c

fs/xfs: Handle non-continuous data blocks in directory extents

2024-04-11 15:46:44 +02:00