Re: [PATCH 2/4] fs/hfsplus: Prevent out of bound access in catalog file


From: Vladimir 'phcoder' Serbinenko
Subject: Re: [PATCH 2/4] fs/hfsplus: Prevent out of bound access in catalog file
Date: Fri, 21 Apr 2023 00:09:23 +0200

On Thu, Apr 20, 2023 at 8:00 PM Lidong Chen <lidong.chen@oracle.com> wrote:
>
> A corrupted hfsplus can have a catalog key that is out of range.
> This can lead to out of bound access when advancing the pointer to
> access catalog file info.
Can you explain where 6 and 516 come from?
>
> Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
> ---
>  grub-core/fs/hfsplus.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
> index 1ffebc8be..9c1f12574 100644
> --- a/grub-core/fs/hfsplus.c
> +++ b/grub-core/fs/hfsplus.c
> @@ -87,6 +87,9 @@ struct grub_hfsplus_catfile
>  #define HFSPLUS_BTNODE_MINSZ   (1 << 9)
>  #define HFSPLUS_BTNODE_MAXSZ   (1 << 15)
>
> +#define HFSPLUS_CATKEY_MIN_LEN 6
> +#define HFSPLUS_CATKEY_MAX_LEN 516
> +
>  /* Some pre-defined file IDs.  */
>  enum
>    {
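Review bot: HFSPLUS_CATKEY_MIN_LEN and HFSPLUS_CATKEY_MAX_LEN are defined as the bare literals 6 and 516 with no comment saying how they are derived. Add a comment above the two defines naming the on-disk key fields each bound accounts for, or express the bounds in terms of the key structure's field sizes, so the limits can be checked against the format rather than taken on trust.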
> @@ -699,6 +702,13 @@ list_nodes (void *record, void *hook_arg)
>
>    catkey = (struct grub_hfsplus_catkey *) record;
>
> +  if (grub_be_to_cpu16 (catkey->keylen) < HFSPLUS_CATKEY_MIN_LEN ||
> +      grub_be_to_cpu16 (catkey->keylen) > HFSPLUS_CATKEY_MAX_LEN)
> +    {
> +      grub_error (GRUB_ERR_BAD_FS, "catalog key length is out of range");
> +      return 1;
> +    }
> +
>    fileinfo =
>      (struct grub_hfsplus_catfile *) ((char *) record
>                                      + grub_be_to_cpu16 (catkey->keylen)
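Review bot: the new check in list_nodes bounds keylen only against the two fixed constants, and nothing in the visible lines ties it to the size of the buffer that holds the record; list_nodes receives just `void *record` and `void *hook_arg`, with no length. A keylen that passes the range test can therefore still put fileinfo beyond the data actually read if the record sits near the end of that buffer. If the caller knows how many bytes remain, pass that in and compare keylen against it as well. Separately, grub_be_to_cpu16 (catkey->keylen) is evaluated twice in the condition and again in the pointer arithmetic that follows; converting once into a local would make it obvious that the value checked is the value used.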
> --
> 2.39.1
>
>



-- 
Regards
Vladimir 'phcoder' Serbinenko


