Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
openwrt_lede
/
package
/
boot
/
grub2
/
patches
/
300-CVE-2015-8370.patch

300-CVE-2015-8370.patch 1.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Hector Marco-Gisbert <hecmargi@upv.es>
    3. 

  3. Date: Fri, 13 Nov 2015 16:21:09 +0100
    4. 

  4. Subject: [PATCH] Fix security issue when reading username and password
    5. 

  5. 

  6.   This patch fixes two integer underflows at:
    7. 

  7.     * grub-core/lib/crypto.c
    8. 

  8.     * grub-core/normal/auth.c
    9. 

  9. 

  10. Resolves: CVE-2015-8370
    11. 

  11. 

  12. Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
    13. 

  13. Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
    14. 

  14. ---
    15. 

  15.  grub-core/lib/crypto.c  | 2 +-
    16. 

  16.  grub-core/normal/auth.c | 2 +-
    17. 

  17.  2 files changed, 2 insertions(+), 2 deletions(-)
    18. 

  18. 

  19. --- a/grub-core/lib/crypto.c
    20. 

  20. +++ b/grub-core/lib/crypto.c
    21. 

  21. @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
    22. 

  22.  	  break;
    23. 

  23.  	}
    24. 

  24.  
    25. 

  25. -      if (key == '\b')
    26. 

  26. +      if (key == '\b' && cur_len)
    27. 

  27.  	{
    28. 

  28.  	  if (cur_len)
    29. 

  29.  	    cur_len--;
    30. 

  30. --- a/grub-core/normal/auth.c
    31. 

  31. +++ b/grub-core/normal/auth.c
    32. 

  32. @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
    33. 

  33.  	  break;
    34. 

  34.  	}
    35. 

  35.  
    36. 

  36. -      if (key == '\b')
    37. 

  37. +      if (key == '\b' && cur_len)
    38. 

  38.  	{
    39. 

  39.  	  if (cur_len)
    40. 

  40.  	    {
    41.