Blame - package/boot/grub2/patches/300-CVE-2015-8370.patch - T108

blob: 22f6c90928adffc1f7bcd06720f8753f02d1f13d [file] [log] [blame]

b.liu	e958203	2025-04-17 19:18:16 +0800	[diff] [blame]	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
				2	From: Hector Marco-Gisbert <hecmargi@upv.es>
				3	Date: Fri, 13 Nov 2015 16:21:09 +0100
				4	Subject: [PATCH] Fix security issue when reading username and password
				5
				6	This patch fixes two integer underflows at:
				7	* grub-core/lib/crypto.c
				8	* grub-core/normal/auth.c
				9
				10	Resolves: CVE-2015-8370
				11
				12	Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
				13	Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
				14	---
				15	grub-core/lib/crypto.c \| 2 +-
				16	grub-core/normal/auth.c \| 2 +-
				17	2 files changed, 2 insertions(+), 2 deletions(-)
				18
				19	--- a/grub-core/lib/crypto.c
				20	+++ b/grub-core/lib/crypto.c
				21	@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
				22	break;
				23	}
				24
				25	- if (key == '\b')
				26	+ if (key == '\b' && cur_len)
				27	{
				28	if (cur_len)
				29	cur_len--;
				30	--- a/grub-core/normal/auth.c
				31	+++ b/grub-core/normal/auth.c
				32	@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
				33	break;
				34	}
				35
				36	- if (key == GRUB_TERM_BACKSPACE)
				37	+ if (key == GRUB_TERM_BACKSPACE && cur_len)
				38	{
				39	if (cur_len)
				40	{