grub/grub-core at 128c16a682034263eb519c89bc0934eeb6fa8cfa - grub - Gitea: Git with a cup of tea.... and pages of fanfiction!

tablet/grub

History

Javier Martinez Canillas 128c16a682 usb: Avoid possible out-of-bound accesses caused by malicious devices

The maximum number of configurations and interfaces are fixed but there is
no out-of-bound checking to prevent a malicious USB device to report large
values for these and cause accesses outside the arrays' memory.

Fixes: CVE-2020-25647

Reported-by: Joseph Tartaro <joseph.tartaro@ioactive.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

2021-03-02 15:54:15 +01:00

..

A workaround for clang problem assembling startup_raw.S

2019-04-08 15:22:10 +10:00

usb: Avoid possible out-of-bound accesses caused by malicious devices

2021-03-02 15:54:15 +01:00

dl: Only allow unloading modules that are not dependencies

2021-03-02 15:54:15 +01:00

luks2: Use grub_log2ull() to calculate log_sector_size and improve readability

2020-12-18 23:15:05 +01:00

calloc: Use calloc() at most places

2020-07-29 16:55:47 +02:00

font: Do not load more than one NAME section

2020-07-29 16:55:48 +02:00

disk: Rename grub_disk_get_size() to grub_disk_native_sectors()

2020-12-12 01:19:03 +01:00

gdb: Restrict GDB access when locked down

2021-03-02 15:54:15 +01:00

verifiers: File type for fine-grained signature-verification controlling

2018-11-09 13:25:31 +01:00

gfxmenu: Fix double free in load_image()

2020-07-29 16:55:48 +02:00

* grub-core/commands/gptsync.c: Fix typographic quoting.

2012-03-03 13:05:08 +01:00

* grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic

2011-11-11 21:03:49 +01:00

calloc: Use calloc() at most places

2020-07-29 16:55:47 +02:00

dl: Only allow unloading modules that are not dependencies

2021-03-02 15:54:15 +01:00

lzma: Fix compilation error under clang 10

2020-10-30 21:53:00 +01:00

loader/xnu: Don't allow loading extension and packages when locked down

2021-03-02 15:54:15 +01:00

mmap: Don't register cutmem and badram commands when lockdown is enforced

2021-03-02 15:54:15 +01:00

tftp: Roll-over block counter to prevent data packets timeouts

2020-09-11 15:52:07 +02:00

disk: Rename grub_disk_get_size() to grub_disk_native_sectors()

2020-12-12 01:19:03 +01:00

disk: Rename grub_disk_get_size() to grub_disk_native_sectors()

2020-12-12 01:19:03 +01:00

mbr: Warn if MBR gap is small and user uses advanced modules

2020-12-12 01:19:03 +01:00

* grub-core/net/http.c: Add TRANSLATORS comments.

2012-03-05 16:42:26 +01:00

script: Do not allow a delimiter between function name and block start

2020-09-18 22:31:30 +02:00

arm/term: Fix linking error due multiple ps2_state definitions

2020-12-11 13:53:54 +01:00

calloc: Use calloc() at most places

2020-07-29 16:55:47 +02:00

efi: Return grub_efi_status_t from grub_efi_get_variable()

2020-12-11 13:54:54 +01:00

gdb_grub.in

* grub-core/gdb_grub.in: Fix overflow and wrong field.

2013-10-14 03:40:20 +02:00

genemuinit.sh

use MODULE_FILES for genemuinit* instead of MOD_FILES

2014-01-18 23:15:40 +04:00

genemuinitheader.sh

use MODULE_FILES for genemuinit* instead of MOD_FILES

2014-01-18 23:15:40 +04:00

genmod.sh.in

.mod files: Strip annobin annotations and .eh_frame, and their relocations

2018-03-05 14:08:22 +01:00

genmoddep.awk

enforcing fixup

2017-08-14 16:27:10 +02:00

gensyminfo.sh.in

Fix shebang for termux.

2017-05-03 12:49:31 +02:00

gensymlist.sh

Make 'make check' work on emu.

2013-04-27 02:00:16 +02:00

gentrigtables.c

* grub-core/gentrigtables.c: Make tables const.

2013-03-01 11:15:09 +01:00

gmodule.pl.in

* grub-core/gmodule.pl.in: Accept newer binutils which output

2014-09-21 18:23:23 +02:00

Makefile.am

kern: Add lockdown support

2021-03-02 15:54:15 +01:00

Makefile.core.def

kern: Add lockdown support

2021-03-02 15:54:15 +01:00

modinfo.sh.in

Fix shebang for termux.

2017-05-03 12:49:31 +02:00