Fix security issue when reading username and password

This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>

diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 010e550d162bd45cf68bf9e47e78a5f2ff9af45a..683a8aaa711c4eab0208d116cd7275a6ac678986 100644 (file)
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size)
 
       if (key == '\b')
        {
-         cur_len--;
+         if (cur_len)
+           cur_len--;
          continue;
        }
 

diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
index c6bd96e28ec28a6906791e8461ee8ea41387b436..8615c48c34defbf89a72ac7f8bde7f8c93f6f5a5 100644 (file)
--- a/grub-core/normal/auth.c
+++ b/grub-core/normal/auth.c
@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size)
 
       if (key == '\b')
        {
-         cur_len--;
-         grub_printf ("\b");
+         if (cur_len)
+           {
+             cur_len--;
+             grub_printf ("\b");
+           }
          continue;
        }