#include <grub/net/netbuff.h>
#include <grub/net/udp.h>
#include <grub/datetime.h>
+#include <grub/safemath.h>
struct grub_dhcp_discover_options
{
unsigned num;
const grub_uint8_t *ptr;
grub_uint8_t taglength;
+ grub_uint8_t len;
if (argc < 4)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
if (grub_strcmp (args[3], "string") == 0)
{
grub_err_t err = GRUB_ERR_NONE;
- char *val = grub_malloc (taglength + 1);
+ char *val;
+
+ if (grub_add (taglength, 1, &len))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("tag length overflow"));
+
+ val = grub_malloc (len);
if (!val)
return grub_errno;
grub_memcpy (val, ptr, taglength);
if (grub_strcmp (args[3], "hex") == 0)
{
grub_err_t err = GRUB_ERR_NONE;
- char *val = grub_malloc (2 * taglength + 1);
+ char *val;
+
+ if (grub_mul (taglength, 2, &len) || grub_add (len, 1, &len))
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("tag length overflow"));
+
+ val = grub_malloc (len);
int i;
if (!val)
return grub_errno;
{
int length;
char *ret;
+ int len;
if (!check_name_real (name_at, head, tail, NULL, &length, NULL))
return NULL;
- ret = grub_malloc (length + 1);
+
+ if (grub_add (length, 1, &len))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("name length overflow"));
+ return NULL;
+ }
+ ret = grub_malloc (len);
if (!ret)
return NULL;
if (!check_name_real (name_at, head, tail, NULL, NULL, ret))
#include <grub/net.h>
#include <grub/time.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
grub_uint8_t *pprop;
char *shortname;
char need_suffix = 1;
+ grub_size_t sz;
if (grub_strcmp (alias->type, "network") != 0)
return 0;
}
if (need_suffix)
- ofdata->path = grub_malloc (grub_strlen (alias->path) + sizeof (SUFFIX));
+ {
+ if (grub_add (grub_strlen (alias->path), sizeof (SUFFIX), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obatining size of ofdata path"));
+ grub_print_error ();
+ return 0;
+ }
+ }
else
- ofdata->path = grub_malloc (grub_strlen (alias->path) + 1);
+ {
+ if (grub_add (grub_strlen (alias->path), 1, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obatining size of ofdata path"));
+ grub_print_error ();
+ return 0;
+ }
+ }
if (!ofdata->path)
{
grub_print_error ();
#include <grub/loader.h>
#include <grub/bufio.h>
#include <grub/kernel.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
{
struct grub_net_slaac_mac_list *slaac;
char *ptr;
+ grub_size_t sz;
for (slaac = card->slaac_list; slaac; slaac = slaac->next)
if (grub_net_hwaddr_cmp (&slaac->address, hwaddr) == 0)
if (!slaac)
return NULL;
- slaac->name = grub_malloc (grub_strlen (card->name)
- + GRUB_NET_MAX_STR_HWADDR_LEN
- + sizeof (":slaac"));
+ if (grub_add (grub_strlen (card->name),
+ (GRUB_NET_MAX_STR_HWADDR_LEN + sizeof (":slaac")), &sz))
+ {
+ grub_free (slaac);
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "overflow detected while obtaining size of slaac name");
+ return NULL;
+ }
+
+ slaac->name = grub_malloc (sz);
ptr = grub_stpcpy (slaac->name, card->name);
if (grub_net_hwaddr_cmp (&card->default_address, hwaddr) != 0)
{
char *name;
char *ptr;
grub_net_network_level_address_t addr;
+ grub_size_t sz;
addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6;
addr.ipv6[0] = grub_cpu_to_be64_compile_time (0xfe80ULL << 48);
return inf;
}
- name = grub_malloc (grub_strlen (card->name)
- + GRUB_NET_MAX_STR_HWADDR_LEN
- + sizeof (":link"));
+ if (grub_add (grub_strlen (card->name),
+ (GRUB_NET_MAX_STR_HWADDR_LEN + sizeof (":link")), &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "overflow detected while obtaining size of link name");
+ return NULL;
+ }
+ name = grub_malloc (sz);
if (!name)
return NULL;
if (grub_strchr (port_start + 1, ':'))
{
int iplen = grub_strlen (server);
+ grub_size_t sz;
/* Bracket bare IPv6 addr. */
- host = grub_malloc (iplen + 3);
+ if (grub_add (iplen, 3, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow detected while obtaining length of host"));
+ return NULL;
+ }
+ host = grub_malloc (sz);
if (!host)
return NULL;
{
char *varname, *varvalue;
char *ptr;
+ grub_size_t sz;
varname = grub_xasprintf ("net_%s_%s", intername, suffix);
if (!varname)
for (ptr = varname; *ptr; ptr++)
if (*ptr == ':')
*ptr = '_';
- varvalue = grub_malloc (len + 1);
+ if (grub_add (len, 1, &sz))
+ {
+ grub_free (varname);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "overflow detected while obtaining the size of an env variable");
+ }
+ varvalue = grub_malloc (sz);
if (!varvalue)
{
grub_free (varname);
projects / thirdparty / grub.git / commitdiff
