3f05d693d1
This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:
X = grub_malloc(arithmetic_expr);
It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.
Among other issues, this fixes:
- allocation of integer overflow in grub_video_bitmap_create()
reported by Chris Coulson,
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in grub_squash_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in grub_ext2_read_symlink()
reported by Chris Coulson,
- allocation of integer overflow in read_section_as_string()
reported by Chris Coulson.
Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'