commit: 27cb6e8ce5f9c2faea0b4a39887d5d937b6107ef |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Fri Dec 18 17:00:47 2015 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Fri Dec 18 17:00:47 2015 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27cb6e8c |
|
sys-boot/grub: Replace patch for CVE-2015-8370 |
|
Use what actually got accepted upstream. |
|
Package-Manager: portage-2.2.26_p32 |
|
sys-boot/grub/files/CVE-2015-8370.patch | 57 +++++++++++++++++++-------------- |
1 file changed, 33 insertions(+), 24 deletions(-) |
|
17 |
diff --git a/sys-boot/grub/files/CVE-2015-8370.patch b/sys-boot/grub/files/CVE-2015-8370.patch |
18 |
index 5701b54..69e419e 100644 |
19 |
--- a/sys-boot/grub/files/CVE-2015-8370.patch |
20 |
+++ b/sys-boot/grub/files/CVE-2015-8370.patch |
21 |
@@ -1,45 +1,54 @@ |
22 |
-From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 |
23 |
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 |
24 |
From: Hector Marco-Gisbert <hecmargi@×××.es> |
25 |
-Date: Fri, 13 Nov 2015 16:21:09 +0100 |
26 |
+Date: Wed, 16 Dec 2015 07:57:18 +0300 |
27 |
Subject: [PATCH] Fix security issue when reading username and password |
28 |
|
29 |
- This patch fixes two integer underflows at: |
30 |
- * grub-core/lib/crypto.c |
31 |
- * grub-core/normal/auth.c |
32 |
+This patch fixes two integer underflows at: |
33 |
+ * grub-core/lib/crypto.c |
34 |
+ * grub-core/normal/auth.c |
35 |
+ |
36 |
+CVE-2015-8370 |
37 |
|
38 |
Signed-off-by: Hector Marco-Gisbert <hecmargi@×××.es> |
39 |
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@×××××××××.es> |
40 |
+Also-By: Andrey Borzenkov <arvidjaar@×××××.com> |
41 |
--- |
42 |
- grub-core/lib/crypto.c | 2 +- |
43 |
- grub-core/normal/auth.c | 2 +- |
44 |
- 2 files changed, 2 insertions(+), 2 deletions(-) |
45 |
+ grub-core/lib/crypto.c | 3 ++- |
46 |
+ grub-core/normal/auth.c | 7 +++++-- |
47 |
+ 2 files changed, 7 insertions(+), 3 deletions(-) |
48 |
|
49 |
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c |
50 |
-index 010e550..524a3d8 100644 |
51 |
+index 010e550..683a8aa 100644 |
52 |
--- a/grub-core/lib/crypto.c |
53 |
+++ b/grub-core/lib/crypto.c |
54 |
-@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) |
55 |
- break; |
56 |
- } |
57 |
+@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) |
58 |
|
59 |
-- if (key == '\b') |
60 |
-+ if (key == '\b' && cur_len) |
61 |
+ if (key == '\b') |
62 |
{ |
63 |
- cur_len--; |
64 |
+- cur_len--; |
65 |
++ if (cur_len) |
66 |
++ cur_len--; |
67 |
continue; |
68 |
+ } |
69 |
+ |
70 |
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c |
71 |
-index c6bd96e..5782ec5 100644 |
72 |
+index c6bd96e..8615c48 100644 |
73 |
--- a/grub-core/normal/auth.c |
74 |
+++ b/grub-core/normal/auth.c |
75 |
-@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) |
76 |
- break; |
77 |
- } |
78 |
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) |
79 |
|
80 |
-- if (key == '\b') |
81 |
-+ if (key == '\b' && cur_len) |
82 |
+ if (key == '\b') |
83 |
{ |
84 |
- cur_len--; |
85 |
- grub_printf ("\b"); |
86 |
+- cur_len--; |
87 |
+- grub_printf ("\b"); |
88 |
++ if (cur_len) |
89 |
++ { |
90 |
++ cur_len--; |
91 |
++ grub_printf ("\b"); |
92 |
++ } |
93 |
+ continue; |
94 |
+ } |
95 |
+ |
96 |
-- |
97 |
-1.9.1 |
98 |
+2.6.4 |
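Review bot: The replacement patch is not line-for-line equivalent to the one it removes in the `key == '\b'` branch of `grub_password_get` and `grub_username_get`: the old form `if (key == '\b' && cur_len)` let a backspace on an empty buffer fall through to whatever follows the block, while the new form always reaches `continue`. Both versions keep `cur_len--` from running when `cur_len` is zero, which is the underflow the patch header names, so coverage of CVE-2015-8370 looks unchanged. The rest of both functions lies outside the hunk, so the equivalence cannot be confirmed from this page. The diffstat shows only the patch file changing, with no ebuild revision bump, so the commit message would benefit from one extra line such as `No functional change to the installed code expected; no revbump needed.` If the difference does matter, a revision bump should accompany the patch so existing installs are rebuilt.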