[grub #58] Possible buffer overflow when loading image
From: neelnatu
Subject: [grub #58] Possible buffer overflow when loading image
Date: Wed, 12 Mar 2003 16:54:23 +0900
Reporter: address@hidden
Summary: Possible buffer overflow when loading image
Version: grub 0.93
Type: software bug
Message:
In stage2/boot.c, load_image() we determine the data_len
and then try to populate the already read data from "buffer"
into "linux_data_tmp_addr". If the "data_len" is between
(8192-512) and (8192) bytes we will memmove bytes from
beyond the end of "buffer".
--- boot.c 2003-03-11 23:43:25.000000000 -0800
+++ /tmp/boot.c2 2003-03-11 23:53:06.000000000 -0800
@@ -375,7 +375,7 @@
/* It is possible that DATA_LEN is greater than MULTIBOOT_SEARCH,
so the data may have been read partially. */
- if (data_len <= MULTIBOOT_SEARCH)
+ if ((data_len + SECTOR_SIZE) <= MULTIBOOT_SEARCH)
grub_memmove (linux_data_tmp_addr, buffer,
data_len + SECTOR_SIZE);
else
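Review bot: The comment kept above the changed test still describes the partial-read case as DATA_LEN being greater than MULTIBOOT_SEARCH, while the new condition compares data_len + SECTOR_SIZE; reword it so the comment and the test name the same quantity, which is also the length passed to grub_memmove. The else branch is cut off in this hunk, so it is worth confirming that it handles a data_len just under MULTIBOOT_SEARCH, which now lands there, without reading past buffer. The outer parentheses in the new condition are redundant.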
----
Please send followups to <address@hidden>.
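The off-by-one-sector check described in the report, modelled as an added example (not GRUB code and not part of the original message). The constants 8192 and 512 are taken from the report's numbers; all function names are hypothetical, and `copy_preread` is one possible clamped copy, going beyond the patch, not GRUB's else branch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEARCH_LEN 8192u /* size of the pre-read buffer (assumed from the report) */
#define SECTOR_LEN 512u  /* sector size (assumed from the report) */

/* Bytes a copy of copy_len would take from beyond the pre-read buffer. */
static size_t overread_bytes(size_t copy_len) {
    return copy_len > SEARCH_LEN ? copy_len - SEARCH_LEN : 0;
}

/* Reported check: tests data_len, but the copy is data_len + SECTOR_LEN. */
static int reported_check(size_t data_len) {
    return data_len <= SEARCH_LEN;
}

/* Patched check: tests the same quantity that is later copied. */
static int patched_check(size_t data_len) {
    return data_len + SECTOR_LEN <= SEARCH_LEN;
}

/* Count data_len values a check accepts although the copy would over-read. */
static unsigned count_unsafe(int (*check)(size_t)) {
    unsigned bad = 0;
    for (size_t len = 0; len <= 2 * SEARCH_LEN; len++)
        if (check(len) && overread_bytes(len + SECTOR_LEN) > 0)
            bad++;
    return bad;
}

/* Clamped copy: never takes more than SEARCH_LEN bytes from buf and
   reports in *remaining how much must still be read from the file. */
static size_t copy_preread(unsigned char *dst, const unsigned char *buf,
                           size_t data_len, size_t *remaining) {
    size_t total = data_len + SECTOR_LEN;
    size_t n = total <= SEARCH_LEN ? total : SEARCH_LEN;
    memcpy(dst, buf, n);
    *remaining = total - n;
    return n;
}

int main(void) {
    printf("unsafe lengths, reported check: %u\n", count_unsafe(reported_check));
    printf("unsafe lengths, patched check:  %u\n", count_unsafe(patched_check));
    return 0;
}
```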