bug-grub

[grub #58] Possible buffer overflow when loading image


From: neelnatu
Subject: [grub #58] Possible buffer overflow when loading image
Date: Wed, 12 Mar 2003 16:54:23 +0900

Reporter: address@hidden
Summary: Possible buffer overflow when loading image
Version: grub 0.93
Type: software bug

Message:
In stage2/boot.c, load_image() we determine the data_len
and then try to populate the already read data from "buffer"
into "linux_data_tmp_addr". If the "data_len" is between
(8192-512) and (8192) bytes we will memmove bytes from 
beyond the end of "buffer".

--- boot.c      2003-03-11 23:43:25.000000000 -0800
+++ /tmp/boot.c2        2003-03-11 23:53:06.000000000 -0800
@@ -375,7 +375,7 @@

          /* It is possible that DATA_LEN is greater than MULTIBOOT_SEARCH,
             so the data may have been read partially.  */
-         if (data_len <= MULTIBOOT_SEARCH)
+         if ((data_len + SECTOR_SIZE) <= MULTIBOOT_SEARCH)
            grub_memmove (linux_data_tmp_addr, buffer,
                          data_len + SECTOR_SIZE);
          else
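
Review bot: The comment directly above the changed condition still describes the partial-read case as DATA_LEN being greater than MULTIBOOT_SEARCH, while the new test is on data_len + SECTOR_SIZE; the comment should be updated to match. The expression data_len + SECTOR_SIZE now appears in both the condition and the grub_memmove length, so computing it once into a local and using that in both places would keep the check and the copy size from drifting apart. The else branch is outside the visible context, so it is worth confirming that it handles the lengths that now fall through to it, and that data_len is bounded so the addition cannot wrap.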


----
Please send followups to <address@hidden>.
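
The boundary described in the report, worked through as an added example (not code from the report or from GRUB): it models which data_len values the original condition lets read past "buffer", next to a bounded copy that reports how much is still to be read. The 8192 and 512 constants are the report's figures, taken here as the buffer size and sector size; `old_check_overread` and `copy_prefetched` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed from the report's figures: "buffer" holds 8192 bytes and a
   sector is 512 bytes. */
#define MULTIBOOT_SEARCH 8192u
#define SECTOR_SIZE      512u

/* Model of the original condition: bytes the memmove would read past the
   end of "buffer" for this data_len (0 = in bounds). Copies nothing. */
size_t old_check_overread(size_t data_len)
{
    size_t want = data_len + SECTOR_SIZE;
    if (data_len <= MULTIBOOT_SEARCH && want > MULTIBOOT_SEARCH)
        return want - MULTIBOOT_SEARCH;
    return 0; /* in bounds, or the else branch (not modelled) is taken */
}

/* Hypothetical bounded helper: copy only what "buffer" already holds and
   report how much must still be read from the file. Returns the bytes
   copied, or (size_t)-1 if the length wraps or dst is too small. */
size_t copy_prefetched(unsigned char *dst, size_t dst_cap,
                       const unsigned char *buf, size_t buf_len,
                       size_t data_len, size_t *remaining)
{
    if (data_len > (size_t)-1 - SECTOR_SIZE)
        return (size_t)-1;
    size_t want = data_len + SECTOR_SIZE;
    if (want > dst_cap)
        return (size_t)-1;
    size_t n = want <= buf_len ? want : buf_len;
    memmove(dst, buf, n);
    *remaining = want - n;
    return n;
}

int main(void)
{
    static unsigned char buf[MULTIBOOT_SEARCH], dst[2 * MULTIBOOT_SEARCH];
    size_t lens[] = { 7680, 7681, 8192 }; /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t rem = 0;
        size_t n = copy_prefetched(dst, sizeof dst, buf, sizeof buf, lens[i], &rem);
        printf("data_len=%zu old over-read=%zu copied=%zu remaining=%zu\n",
               lens[i], old_check_overread(lens[i]), n, rem);
    }
    return 0;
}
```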



