diff options
Diffstat (limited to 'resources/grub/patch/secfix')
-rw-r--r-- | resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch deleted file mode 100644 index 5701b54..0000000 --- a/resources/grub/patch/secfix/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert <hecmargi@upv.es> -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> -Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..524a3d8 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - continue; -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..5782ec5 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - grub_printf ("\b"); --- -1.9.1 - |