mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-05-04 11:01:27 +02:00
44fb4620ee
See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html "A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
46 lines
1.2 KiB
Diff
46 lines
1.2 KiB
Diff
From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
|
|
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
|
Date: Fri, 13 Nov 2015 16:21:09 +0100
|
|
Subject: [PATCH] Fix security issue when reading username and password
|
|
|
|
This patch fixes two integer underflows at:
|
|
* grub-core/lib/crypto.c
|
|
* grub-core/normal/auth.c
|
|
|
|
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
|
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
|
|
---
|
|
grub-core/lib/crypto.c | 2 +-
|
|
grub-core/normal/auth.c | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
|
|
index 010e550..524a3d8 100644
|
|
--- a/grub-core/lib/crypto.c
|
|
+++ b/grub-core/lib/crypto.c
|
|
@@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size)
|
|
break;
|
|
}
|
|
|
|
- if (key == '\b')
|
|
+ if (key == '\b' && cur_len)
|
|
{
|
|
cur_len--;
|
|
continue;
|
|
diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
|
|
index c6bd96e..5782ec5 100644
|
|
--- a/grub-core/normal/auth.c
|
|
+++ b/grub-core/normal/auth.c
|
|
@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
|
|
break;
|
|
}
|
|
|
|
- if (key == '\b')
|
|
+ if (key == '\b' && cur_len)
|
|
{
|
|
cur_len--;
|
|
grub_printf ("\b");
|
|
--
|
|
1.9.1
|
|
|