From: akuster808 <akuster808@gmail.com>
To: Awais_Belal@mentor.com
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [dizzy][PATCH] grub2: Fix CVE-2015-8370
Date: Sun, 3 Jan 2016 18:13:14 -0800 [thread overview]
Message-ID: <5689D53A.3040902@gmail.com> (raw)
In-Reply-To: <2021B186DC632746BD5A3CE32F12BD28011FB77C51@EU-MBX-02.mgc.mentorg.com>
On 12/31/15 5:38 AM, Belal, Awais wrote:
Awais,
> Ping!
This patch does not apply to the current dizzy branch.
is there a dependency patch I missed to apply?
regards,
Armin
>
> BR,
> Awais
>
> ________________________________________
> From: openembedded-core-bounces@lists.openembedded.org [openembedded-core-bounces@lists.openembedded.org] on behalf of Belal, Awais
> Sent: Wednesday, December 23, 2015 4:20 PM
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [dizzy][PATCH] grub2: Fix CVE-2015-8370
>
> http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
>
> Signed-off-by: Awais Belal <awais_belal@mentor.com>
> ---
> ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 52 ++++++++++++++++++++++
> meta/recipes-bsp/grub/grub-efi_2.00.bb | 1 +
> meta/recipes-bsp/grub/grub_2.00.bb | 1 +
> 3 files changed, 54 insertions(+)
> create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
>
> diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> new file mode 100644
> index 0000000..f9252e9
> --- /dev/null
> +++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status: Accepted
> +Signed-off-by: Awais Belal <awais_belal@mentor.com>
> +
> +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
> +From: Hector Marco-Gisbert <hecmargi@upv.es>
> +Date: Wed, 16 Dec 2015 04:57:18 +0000
> +Subject: Fix security issue when reading username and password
> +
> +This patch fixes two integer underflows at:
> + * grub-core/lib/crypto.c
> + * grub-core/normal/auth.c
> +
> +CVE-2015-8370
> +
> +Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
> +Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
> +---
> +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
> +index 010e550..683a8aa 100644
> +--- a/grub-core/lib/crypto.c
> ++++ b/grub-core/lib/crypto.c
> +@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
> +
> + if (key == '\b')
> + {
> +- cur_len--;
> ++ if (cur_len)
> ++ cur_len--;
> + continue;
> + }
> +
> +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
> +index c6bd96e..8615c48 100644
> +--- a/grub-core/normal/auth.c
> ++++ b/grub-core/normal/auth.c
> +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
> +
> + if (key == '\b')
> + {
> +- cur_len--;
> +- grub_printf ("\b");
> ++ if (cur_len)
> ++ {
> ++ cur_len--;
> ++ grub_printf ("\b");
> ++ }
> + continue;
> + }
> +
> +--
> +cgit v0.9.0.2
> diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> index 7674255..6822e7a 100644
> --- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
> +++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
> @@ -30,6 +30,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
> file://grub-2.00-add-oe-kernel.patch \
> file://grub-efi-fix-with-glibc-2.20.patch \
> file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
> + file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
> "
> SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> SRC_URI[sha256sum] = "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
> diff --git a/meta/recipes-bsp/grub/grub_2.00.bb b/meta/recipes-bsp/grub/grub_2.00.bb
> index d4df676..94b6da9 100644
> --- a/meta/recipes-bsp/grub/grub_2.00.bb
> +++ b/meta/recipes-bsp/grub/grub_2.00.bb
> @@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
> file://fix-endianness-problem.patch \
> file://grub2-remove-sparc64-setup-from-x86-builds.patch \
> file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
> + file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
> "
>
> SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
next prev parent reply other threads:[~2016-01-04 2:13 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-23 11:20 [dizzy][PATCH] grub2: Fix CVE-2015-8370 Awais Belal
[not found] ` <1450877091.3760.4.camel@collabora.co.uk>
2015-12-28 10:40 ` Belal, Awais
2016-01-07 11:06 ` Joshua Lock
2015-12-31 13:38 ` Belal, Awais
2016-01-04 2:13 ` akuster808 [this message]
2016-01-04 7:53 ` Belal, Awais
2016-01-06 9:43 ` Belal, Awais
2016-01-06 17:15 ` akuster808
2016-01-07 9:56 ` Belal, Awais
2016-01-08 2:32 ` akuster808
2016-01-08 10:45 ` Belal, Awais
2016-01-11 11:14 ` Joshua Lock
2016-01-11 11:29 ` Belal, Awais
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5689D53A.3040902@gmail.com \
--to=akuster808@gmail.com \
--cc=Awais_Belal@mentor.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox