| 1 |
commit: 27cb6e8ce5f9c2faea0b4a39887d5d937b6107ef |
| 2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Dec 18 17:00:47 2015 +0000 |
| 4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Dec 18 17:00:47 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27cb6e8c |
| 7 |
|
| 8 |
sys-boot/grub: Replace patch for CVE-2015-8370 |
| 9 |
|
| 10 |
Use what actually got accepted upstream. |
| 11 |
|
| 12 |
Package-Manager: portage-2.2.26_p32 |
| 13 |
|
| 14 |
sys-boot/grub/files/CVE-2015-8370.patch | 57 +++++++++++++++++++-------------- |
| 15 |
1 file changed, 33 insertions(+), 24 deletions(-) |
| 16 |
|
| 17 |
diff --git a/sys-boot/grub/files/CVE-2015-8370.patch b/sys-boot/grub/files/CVE-2015-8370.patch |
| 18 |
index 5701b54..69e419e 100644 |
| 19 |
--- a/sys-boot/grub/files/CVE-2015-8370.patch |
| 20 |
+++ b/sys-boot/grub/files/CVE-2015-8370.patch |
| 21 |
@@ -1,45 +1,54 @@ |
| 22 |
-From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 |
| 23 |
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 |
| 24 |
From: Hector Marco-Gisbert <hecmargi@×××.es> |
| 25 |
-Date: Fri, 13 Nov 2015 16:21:09 +0100 |
| 26 |
+Date: Wed, 16 Dec 2015 07:57:18 +0300 |
| 27 |
Subject: [PATCH] Fix security issue when reading username and password |
| 28 |
|
| 29 |
- This patch fixes two integer underflows at: |
| 30 |
- * grub-core/lib/crypto.c |
| 31 |
- * grub-core/normal/auth.c |
| 32 |
+This patch fixes two integer underflows at: |
| 33 |
+ * grub-core/lib/crypto.c |
| 34 |
+ * grub-core/normal/auth.c |
| 35 |
+ |
| 36 |
+CVE-2015-8370 |
| 37 |
|
| 38 |
Signed-off-by: Hector Marco-Gisbert <hecmargi@×××.es> |
| 39 |
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@×××××××××.es> |
| 40 |
+Also-By: Andrey Borzenkov <arvidjaar@×××××.com> |
| 41 |
--- |
| 42 |
- grub-core/lib/crypto.c | 2 +- |
| 43 |
- grub-core/normal/auth.c | 2 +- |
| 44 |
- 2 files changed, 2 insertions(+), 2 deletions(-) |
| 45 |
+ grub-core/lib/crypto.c | 3 ++- |
| 46 |
+ grub-core/normal/auth.c | 7 +++++-- |
| 47 |
+ 2 files changed, 7 insertions(+), 3 deletions(-) |
| 48 |
|
| 49 |
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c |
| 50 |
-index 010e550..524a3d8 100644 |
| 51 |
+index 010e550..683a8aa 100644 |
| 52 |
--- a/grub-core/lib/crypto.c |
| 53 |
+++ b/grub-core/lib/crypto.c |
| 54 |
-@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) |
| 55 |
- break; |
| 56 |
- } |
| 57 |
+@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) |
| 58 |
|
| 59 |
-- if (key == '\b') |
| 60 |
-+ if (key == '\b' && cur_len) |
| 61 |
+ if (key == '\b') |
| 62 |
{ |
| 63 |
- cur_len--; |
| 64 |
+- cur_len--; |
| 65 |
++ if (cur_len) |
| 66 |
++ cur_len--; |
| 67 |
continue; |
| 68 |
+ } |
| 69 |
+ |
| 70 |
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c |
| 71 |
-index c6bd96e..5782ec5 100644 |
| 72 |
+index c6bd96e..8615c48 100644 |
| 73 |
--- a/grub-core/normal/auth.c |
| 74 |
+++ b/grub-core/normal/auth.c |
| 75 |
-@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) |
| 76 |
- break; |
| 77 |
- } |
| 78 |
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) |
| 79 |
|
| 80 |
-- if (key == '\b') |
| 81 |
-+ if (key == '\b' && cur_len) |
| 82 |
+ if (key == '\b') |
| 83 |
{ |
| 84 |
- cur_len--; |
| 85 |
- grub_printf ("\b"); |
| 86 |
+- cur_len--; |
| 87 |
+- grub_printf ("\b"); |
| 88 |
++ if (cur_len) |
| 89 |
++ { |
| 90 |
++ cur_len--; |
| 91 |
++ grub_printf ("\b"); |
| 92 |
++ } |
| 93 |
+ continue; |
| 94 |
+ } |
| 95 |
+ |
| 96 |
-- |
| 97 |
-1.9.1 |
| 98 |
+2.6.4 |
Archives