Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
grub2.16002
fix-overflows-in-grub_password_get-and-grub_use...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-overflows-in-grub_password_get-and-grub_user_get.patch of Package grub2.16002
From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 From: Hector Marco-Gisbert <hecmargi@upv.es> Date: Fri, 13 Nov 2015 16:21:09 +0100 Subject: [PATCH] Fix security issue when reading username and password This patch fixes two integer underflows at: * grub-core/lib/crypto.c * grub-core/normal/auth.c Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> --- grub-core/lib/crypto.c | 2 +- grub-core/normal/auth.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c index 010e550..524a3d8 100644 --- a/grub-core/lib/crypto.c +++ b/grub-core/lib/crypto.c @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) break; } - if (key == '\b') + if (key == '\b' && cur_len) { cur_len--; continue; diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c index c6bd96e..5782ec5 100644 --- a/grub-core/normal/auth.c +++ b/grub-core/normal/auth.c @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) break; } - if (key == '\b') + if (key == '\b' && cur_len) { cur_len--; grub_printf ("\b"); -- 1.9.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor