| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
- From: Hector Marco-Gisbert <hecmargi@upv.es>
- Date: Fri, 13 Nov 2015 16:21:09 +0100
- Subject: [PATCH] Fix security issue when reading username and password
- This patch fixes two integer underflows at:
- * grub-core/lib/crypto.c
- * grub-core/normal/auth.c
- Resolves: CVE-2015-8370
- Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
- Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
- ---
- grub-core/lib/crypto.c | 2 +-
- grub-core/normal/auth.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
- --- a/grub-core/lib/crypto.c
- +++ b/grub-core/lib/crypto.c
- @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
- break;
- }
-
- - if (key == '\b')
- + if (key == '\b' && cur_len)
- {
- if (cur_len)
- cur_len--;
- --- a/grub-core/normal/auth.c
- +++ b/grub-core/normal/auth.c
- @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
- break;
- }
-
- - if (key == '\b')
- + if (key == '\b' && cur_len)
- {
- if (cur_len)
- {
|
