From: Vladimir Serbinenko <phcoder@gmail.com>
Date: Sat, 24 Jan 2015 23:11:59 +0000 (+0100)
Subject: fs/cpio_common: Add a sanity check on namesize.
X-Git-Tag: 2.02-beta3~515
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=faad548ce3b906535acaeff95777b46836b817e6;p=thirdparty%2Fgrub.git

fs/cpio_common: Add a sanity check on namesize.

Found by: Coverity scan.
---

diff --git a/grub-core/fs/cpio_common.c b/grub-core/fs/cpio_common.c
index b0ae9f445..20230a741 100644
--- a/grub-core/fs/cpio_common.c
+++ b/grub-core/fs/cpio_common.c
@@ -61,6 +61,14 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name,
   modeval = read_number (hd.mode, ARRAY_SIZE (hd.mode));
   namesize = read_number (hd.namesize, ARRAY_SIZE (hd.namesize));
 
+  /* Don't allow negative numbers.  */
+  if (namesize >= 0x80000000)
+    {
+      /* Probably a corruption, don't attempt to recover.  */
+      *mode = GRUB_ARCHELP_ATTR_END;
+      return GRUB_ERR_NONE;
+    }
+
   if (mode)
     *mode = modeval;