projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 44fb4620 MF |
1 | From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 |
| 2 | From: Hector Marco-Gisbert <hecmargi@upv.es> | |
| 3 | Date: Fri, 13 Nov 2015 16:21:09 +0100 | |
| 4 | Subject: [PATCH] Fix security issue when reading username and password | |
| 5 | ||
| 6 | This patch fixes two integer underflows at: | |
| 7 | * grub-core/lib/crypto.c | |
| 8 | * grub-core/normal/auth.c | |
| 9 | ||
| 10 | Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> | |
| 11 | Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> | |
| 12 | --- | |
| 13 | grub-core/lib/crypto.c | 2 +- | |
| 14 | grub-core/normal/auth.c | 2 +- | |
| 15 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
| 16 | ||
| 17 | diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c | |
| 18 | index 010e550..524a3d8 100644 | |
| 19 | --- a/grub-core/lib/crypto.c | |
| 20 | +++ b/grub-core/lib/crypto.c | |
| 21 | @@ -456,7 +456,7 @@ grub_password_get (char buf[], unsigned buf_size) | |
| 22 | break; | |
| 23 | } | |
| 24 | ||
| 25 | - if (key == '\b') | |
| 26 | + if (key == '\b' && cur_len) | |
| 27 | { | |
| 28 | cur_len--; | |
| 29 | continue; | |
| 30 | diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c | |
| 31 | index c6bd96e..5782ec5 100644 | |
| 32 | --- a/grub-core/normal/auth.c | |
| 33 | +++ b/grub-core/normal/auth.c | |
| 34 | @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) | |
| 35 | break; | |
| 36 | } | |
| 37 | ||
| 38 | - if (key == '\b') | |
| 39 | + if (key == '\b' && cur_len) | |
| 40 | { | |
| 41 | cur_len--; | |
| 42 | grub_printf ("\b"); | |
| 43 | -- | |
| 44 | 1.9.1 | |
| 45 |