]> git.ipfire.org Git - thirdparty/grub.git/commitdiff
projects / thirdparty / grub.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b6f21bc)
fs/cpio_common: Add a sanity check on namesize.
authorVladimir Serbinenko <phcoder@gmail.com>
Sat, 24 Jan 2015 23:11:59 +0000 (00:11 +0100)
committerVladimir Serbinenko <phcoder@gmail.com>
Sat, 24 Jan 2015 23:11:59 +0000 (00:11 +0100)
Found by: Coverity scan.

grub-core/fs/cpio_common.c patch | blob | blame | history

diff --git a/grub-core/fs/cpio_common.c b/grub-core/fs/cpio_common.c
index b0ae9f445cc6b91d4b5f4bc373fd8e7a8c94914b..20230a7411d2bdf00f74bf830854baaca7851418 100644 (file)
--- a/grub-core/fs/cpio_common.c
+++ b/grub-core/fs/cpio_common.c
@@ -61,6 +61,14 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
   modeval = read_number (hd.mode, ARRAY_SIZE (hd.mode));
   namesize = read_number (hd.namesize, ARRAY_SIZE (hd.namesize));
 
+  /* Don't allow negative numbers.  */
+  if (namesize >= 0x80000000)
+    {
+      /* Probably a corruption, don't attempt to recover.  */
+      *mode = GRUB_ARCHELP_ATTR_END;
+      return GRUB_ERR_NONE;
+    }
+
   if (mode)
     *mode = modeval;
 
Mirror of https://git.savannah.gnu.org/git/grub.git