]>
Commit | Line | Data |
---|---|---|
44fb4620 MF |
1 | From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 |
2 | From: Hector Marco-Gisbert <hecmargi@upv.es> | |
3 | Date: Fri, 13 Nov 2015 16:21:09 +0100 | |
4 | Subject: [PATCH] Fix security issue when reading username and password | |
5 | ||
6 | This patch fixes two integer underflows at: | |
7 | * grub-core/lib/crypto.c | |
8 | * grub-core/normal/auth.c | |
9 | ||
10 | Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> | |
11 | Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> | |
12 | --- | |
13 | grub-core/lib/crypto.c | 2 +- | |
14 | grub-core/normal/auth.c | 2 +- | |
15 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
16 | ||
17 | diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c | |
18 | index 010e550..524a3d8 100644 | |
19 | --- a/grub-core/lib/crypto.c | |
20 | +++ b/grub-core/lib/crypto.c | |
21 | @@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size) | |
22 | break; | |
23 | } | |
24 | ||
25 | - if (key == '\b') | |
26 | + if (key == '\b' && cur_len) | |
27 | { | |
28 | cur_len--; | |
29 | continue; | |
30 | diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c | |
31 | index c6bd96e..5782ec5 100644 | |
32 | --- a/grub-core/normal/auth.c | |
33 | +++ b/grub-core/normal/auth.c | |
34 | @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) | |
35 | break; | |
36 | } | |
37 | ||
38 | - if (key == '\b') | |
39 | + if (key == '\b' && cur_len) | |
40 | { | |
41 | cur_len--; | |
42 | grub_printf ("\b"); | |
43 | -- | |
44 | 1.9.1 | |
45 |