Re: [PATCH] Fix security issue when reading username and password

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix security issue when reading username and password

From:	Hector Marco
Subject:	Re: [PATCH] Fix security issue when reading username and password
Date:	Thu, 24 Oct 2019 15:13:44 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

Hello Daniel,

The patch prevents that "cur_len" underflows. No negative values for
"cur_len" so way to underflow the "cur_len" variable and therefore

I hope this helps,

Hector.



On 23/10/2019 11:14, Daniel Kiper wrote:
> On Fri, Oct 18, 2019 at 02:39:01PM +0200, Javier Martinez Canillas wrote:
>> From: Hector Marco-Gisbert <address@hidden>
>>
>>   This patch fixes two integer underflows at:
>>     * grub-core/lib/crypto.c
>>     * grub-core/normal/auth.c
>>
>> Resolves: CVE-2015-8370
>>
>> Signed-off-by: Hector Marco-Gisbert <address@hidden>
>> Signed-off-by: Ismael Ripoll-Ripoll <address@hidden>
>> Signed-off-by: Javier Martinez Canillas <address@hidden>
>> ---
>>
>>  grub-core/lib/crypto.c  | 2 +-
>>  grub-core/normal/auth.c | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
>> index ca334d5a40e..e6c78d16d39 100644
>> --- a/grub-core/lib/crypto.c
>> +++ b/grub-core/lib/crypto.c
>> @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
>>        break;
>>      }
>>
>> -      if (key == '\b')
>> +      if (key == '\b' && cur_len)
>>      {
>>        if (cur_len)
>>          cur_len--;
>> diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
>> index 6be678c0de1..c35ce972473 100644
>> --- a/grub-core/normal/auth.c
>> +++ b/grub-core/normal/auth.c
>> @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
>>        break;
>>      }
>>
>> -      if (key == GRUB_TERM_BACKSPACE)
>> +      if (key == GRUB_TERM_BACKSPACE && cur_len)
>>      {
>>        if (cur_len)
>>          {
> 
> TBH, I do not understand how this patch helps. It only delays continue
> execution to the next "if (!grub_isprint (key))" if cur_len == 0.
> 
> Daniel
>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] Fix security issue when reading username and password, Javier Martinez Canillas, 2019/10/18
- Re: [PATCH] Fix security issue when reading username and password, Daniel Kiper, 2019/10/23
  - Re: [PATCH] Fix security issue when reading username and password, Hector Marco <=
    - Re: [PATCH] Fix security issue when reading username and password, Hector Marco, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, Daniel Kiper, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, Vladimir 'phcoder' Serbinenko, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, iripoll, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, Hector Marco, 2019/10/24
- Re: [PATCH] Fix security issue when reading username and password, Vladimir 'phcoder' Serbinenko, 2019/10/24
  - Re: [PATCH] Fix security issue when reading username and password, Javier Martinez Canillas, 2019/10/24

Prev by Date: Re: [PATCH v4 2/5] net/dhcp: Consistently use decimal numbers for DHCP/BOOTP options enum
Next by Date: Re: [PATCH v4 5/5] docs: Update info with grub.cfg netboot selection order
Previous by thread: Re: [PATCH] Fix security issue when reading username and password
Next by thread: Re: [PATCH] Fix security issue when reading username and password
Index(es):
- Date
- Thread