Re: [PATCH] Fix security issue when reading username and password

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix security issue when reading username and password

From:	Hector Marco
Subject:	Re: [PATCH] Fix security issue when reading username and password
Date:	Thu, 24 Oct 2019 15:22:43 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

Hello Daniel,

Something went wrong in my last email, what I wanted to say is:

The patch prevents that "cur_len" underflows. No negative values for
"cur_len" so no way to underflow the "cur_len" variable and therefore no
vulnerability.

Hector.


On 24/10/2019 15:13, Hector Marco wrote:
> Hello Daniel,
> 
> The patch prevents that "cur_len" underflows. No negative values for
> "cur_len" so way to underflow the "cur_len" variable and therefore
> 
> I hope this helps,
> 
> Hector.
> 
> 
> 
> On 23/10/2019 11:14, Daniel Kiper wrote:
>> On Fri, Oct 18, 2019 at 02:39:01PM +0200, Javier Martinez Canillas wrote:
>>> From: Hector Marco-Gisbert <address@hidden>
>>>
>>>   This patch fixes two integer underflows at:
>>>     * grub-core/lib/crypto.c
>>>     * grub-core/normal/auth.c
>>>
>>> Resolves: CVE-2015-8370
>>>
>>> Signed-off-by: Hector Marco-Gisbert <address@hidden>
>>> Signed-off-by: Ismael Ripoll-Ripoll <address@hidden>
>>> Signed-off-by: Javier Martinez Canillas <address@hidden>
>>> ---
>>>
>>>  grub-core/lib/crypto.c  | 2 +-
>>>  grub-core/normal/auth.c | 2 +-
>>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
>>> index ca334d5a40e..e6c78d16d39 100644
>>> --- a/grub-core/lib/crypto.c
>>> +++ b/grub-core/lib/crypto.c
>>> @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
>>>       break;
>>>     }
>>>
>>> -      if (key == '\b')
>>> +      if (key == '\b' && cur_len)
>>>     {
>>>       if (cur_len)
>>>         cur_len--;
>>> diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
>>> index 6be678c0de1..c35ce972473 100644
>>> --- a/grub-core/normal/auth.c
>>> +++ b/grub-core/normal/auth.c
>>> @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
>>>       break;
>>>     }
>>>
>>> -      if (key == GRUB_TERM_BACKSPACE)
>>> +      if (key == GRUB_TERM_BACKSPACE && cur_len)
>>>     {
>>>       if (cur_len)
>>>         {
>>
>> TBH, I do not understand how this patch helps. It only delays continue
>> execution to the next "if (!grub_isprint (key))" if cur_len == 0.
>>
>> Daniel
>>
>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] Fix security issue when reading username and password, Javier Martinez Canillas, 2019/10/18
- Re: [PATCH] Fix security issue when reading username and password, Daniel Kiper, 2019/10/23
  - Re: [PATCH] Fix security issue when reading username and password, Hector Marco, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, Hector Marco <=
    - Re: [PATCH] Fix security issue when reading username and password, Daniel Kiper, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, Vladimir 'phcoder' Serbinenko, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, iripoll, 2019/10/24
    - Re: [PATCH] Fix security issue when reading username and password, Hector Marco, 2019/10/24
- Re: [PATCH] Fix security issue when reading username and password, Vladimir 'phcoder' Serbinenko, 2019/10/24
  - Re: [PATCH] Fix security issue when reading username and password, Javier Martinez Canillas, 2019/10/24

Prev by Date: Re: [PATCH v4 5/5] docs: Update info with grub.cfg netboot selection order
Next by Date: Re: [PATCH] Enable pager by default
Previous by thread: Re: [PATCH] Fix security issue when reading username and password
Next by thread: Re: [PATCH] Fix security issue when reading username and password
Index(es):
- Date
- Thread