[PATCH 19/20] grub2: Fix CVE-2015-8370

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 19/20] grub2: Fix CVE-2015-8370
Date: Sat,  9 Jan 2016 16:30:45 -0800	[thread overview]
Message-ID: <bbb6db9b5f8a64411a6ba58ba1ab3d240c75ef6d.1452385572.git.akuster808@gmail.com> (raw)
In-Reply-To: <cover.1452385571.git.akuster808@gmail.com>
In-Reply-To: <cover.1452385571.git.akuster808@gmail.com>

From: "Belal, Awais" <Awais_Belal@mentor.com>

http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 50 ++++++++++++++++++++++
 meta/recipes-bsp/grub/grub-efi_2.00.bb             |  1 +
 meta/recipes-bsp/grub/grub_2.00.bb                 |  1 +
 3 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch

diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
new file mode 100644
index 0000000..9ddd7a6
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Accepted
+Signed-off-by: Awais Belal <awais_belal@mentor.com>
+
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert <hecmargi@upv.es>
+Date: Wed, 16 Dec 2015 04:57:18 +0000
+Subject: Fix security issue when reading username and password
+
+This patch fixes two integer underflows at:
+  * grub-core/lib/crypto.c
+  * grub-core/normal/auth.c
+
+CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
+Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
+Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
+---
+Index: grub-2.00/grub-core/lib/crypto.c
+===================================================================
+--- grub-2.00.orig/grub-core/lib/crypto.c
++++ grub-2.00/grub-core/lib/crypto.c
+@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
+ 
+       if (key == '\b')
+ 	{
+-	  cur_len--;
++      if (cur_len)
++        cur_len--;
+ 	  continue;
+ 	}
+ 
+Index: grub-2.00/grub-core/normal/auth.c
+===================================================================
+--- grub-2.00.orig/grub-core/normal/auth.c
++++ grub-2.00/grub-core/normal/auth.c
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
+ 
+       if (key == '\b')
+ 	{
+-	  cur_len--;
+-	  grub_printf ("\b");
++      if (cur_len)
++       {
++	     cur_len--;
++	     grub_printf ("\b");
++        }
+ 	  continue;
+ 	}
+ 
diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb b/meta/recipes-bsp/grub/grub-efi_2.00.bb
index 7674255..6822e7a 100644
--- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
+++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
@@ -30,6 +30,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
            file://grub-2.00-add-oe-kernel.patch \
            file://grub-efi-fix-with-glibc-2.20.patch \
            file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+           file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
           "
 SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
 SRC_URI[sha256sum] = "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
diff --git a/meta/recipes-bsp/grub/grub_2.00.bb b/meta/recipes-bsp/grub/grub_2.00.bb
index d4df676..94b6da9 100644
--- a/meta/recipes-bsp/grub/grub_2.00.bb
+++ b/meta/recipes-bsp/grub/grub_2.00.bb
@@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
           file://fix-endianness-problem.patch \
           file://grub2-remove-sparc64-setup-from-x86-builds.patch \
           file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+          file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
           "
 
 SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
-- 
1.9.1

next prev parent reply	other threads:[~2016-01-10  0:31 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-10  0:30 [PATCH 00/20] Dizzy-next pull request 2016-1 Armin Kuster
2016-01-10  0:30 ` [PATCH 01/20] libtasn1: CVE-2015-3622 Armin Kuster
2016-01-10  0:30 ` [PATCH 02/20] grep2.19: CVE-2015-1345 Armin Kuster
2016-01-10  0:30 ` [PATCH 03/20] rsync: backport libattr checking patch Armin Kuster
2016-01-10  0:30 ` [PATCH 04/20] openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565 Armin Kuster
2016-01-10  0:30 ` [PATCH 05/20] fontcache: allow to pass extra parameters and environment to fc-cache Armin Kuster
2016-01-10  0:30 ` [PATCH 06/20] image.bbclass: don't let do_rootfs depend on BUILDNAME Armin Kuster
2016-01-10  0:30 ` [PATCH 07/20] layer.conf: Add several allarch dependency exclusions Armin Kuster
2016-01-10  0:30 ` [PATCH 08/20] layer.conf: Add missing dependency for allarch package initramfs-framework Armin Kuster
2016-01-10  0:30 ` [PATCH 09/20] allarch: Force TARGET_*FLAGS variable values Armin Kuster
2016-01-10  0:30 ` [PATCH 10/20] texinfo: don't create dependency on INHERIT variable Armin Kuster
2016-01-10  0:30 ` [PATCH 11/20] linux-dtb.inc: drop unused DTB_NAME variable from do_install Armin Kuster
2016-01-10  0:30 ` [PATCH 12/20] glibc: use patch for CVE-2015-1781 Armin Kuster
2016-01-10  0:30 ` [PATCH 13/20] libxml2: CVE-2015-7942 Armin Kuster
2016-01-10  0:30 ` [PATCH 14/20] unzip: CVE-2015-7696, CVE-2015-7697 Armin Kuster
2016-01-10  0:30 ` [PATCH 15/20] libxml2: CVE-2015-8035 Armin Kuster
2016-01-10  0:30 ` [PATCH 16/20] openssl: CVE-2015-3194, CVE-2015-3195 Armin Kuster
2016-01-10  0:30 ` [PATCH 17/20] libxml2: CVE-2015-8241 Armin Kuster
2016-01-10  0:30 ` [PATCH 18/20] Fixes a heap buffer overflow in glibc wscanf Armin Kuster
2016-01-10  0:30 ` Armin Kuster [this message]
2016-01-10  0:30 ` [PATCH 20/20] bind: CVE-2015-8000 Armin Kuster
2016-01-21 11:57 ` [PATCH 00/20] Dizzy-next pull request 2016-1 Martin Jansa
2016-01-27 11:33   ` Martin Jansa
2016-01-30  2:44     ` akuster808
2016-01-30  9:08       ` Martin Jansa
2016-01-30 12:06         ` Richard Purdie
2016-01-30 12:37           ` Martin Jansa

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9ddd7a6 dfblob:7674255 dfblob:6822e7a dfblob:d4df676
dfblob:94b6da9 )
 OR (
bs:"[PATCH 19/20] grub2: Fix CVE-2015-8370" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bbb6db9b5f8a64411a6ba58ba1ab3d240c75ef6d.1452385572.git.akuster808@gmail.com \
    --to=akuster808@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox