grub-mkstandalone: out of bound access to tar header magic

Magic size is 6 bytes and we copied 7 bytes in it.

CID: 73587, 73888
Closes bug 43690

diff --git a/ChangeLog b/ChangeLog
index 6fbec061d6e9c11ca816cbd3afd88596ae4f1ff4..930ceb20c0699e3d5f7732306ffdd18dee01c397 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-28  Andrei Borzenkov  <arvidjaar@gmail.com>
+
+       * util/grub-mkstandalone.c (add_tar_file): Fix out of bound access
+       to hd.magic (Coverity CID 73587, 73888, bug 43690).
+
 2014-11-20  Andrei Borzenkov  <arvidjaar@gmail.com>
 
        * tests/util/grub-fs-tester.in: Consistently print output

diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
index 8e2a2b8c27a0fd84cc438c790a49f653369c7165..6017d71550f24fffe43ed0569a968974e369bbc6 100644 (file)
--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
@@ -236,7 +236,7 @@ add_tar_file (const char *from,
       set_tar_value (hd.size, optr - tcn, 12);
       set_tar_value (hd.mtime, mtime, 12);
       hd.typeflag = 'L';
-      memcpy (hd.magic, "ustar  ", 7);
+      memcpy (hd.magic, MAGIC, sizeof (hd.magic));
       memcpy (hd.uname, "grub", 4);
       memcpy (hd.gname, "grub", 4);
 
@@ -266,7 +266,7 @@ add_tar_file (const char *from,
   set_tar_value (hd.size, size, 12);
   set_tar_value (hd.mtime, mtime, 12);
   hd.typeflag = '0';
-  memcpy (hd.magic, "ustar  ", 7);
+  memcpy (hd.magic, MAGIC, sizeof (hd.magic));
   memcpy (hd.uname, "grub", 4);
   memcpy (hd.gname, "grub", 4);