rpms / grubby

Clone
Source Code
GIT

Blame SOURCES/0019-Don-t-go-past-the-last-element-of-indexVars-in-findE.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-armhfp c8 c8-beta c8s c9 c9-beta
  1.   16aa691eb1d0af47388034f61a6fa397c3d961d1
  2.   SOURCES
  3.   0019-Don-t-go-past-the-last-element-of-indexVars-in-findE.patch
Blob History Raw
16aa69 
From 5851c34b92069dd955e862b856bb732eb263b058 Mon Sep 17 00:00:00 2001
16aa69 
From: Yannick Brosseau <scientist@fb.com>
16aa69 
Date: Thu, 3 Jul 2014 13:55:19 -0700
16aa69 
Subject: [PATCH 19/41] Don't go past the last element of indexVars in
16aa69 
 findEntryByPath
16aa69
16aa69 
We add a chance of creating an infinite loop, because we
16aa69 
were reading memory past the last element of indexVars set to -1.
16aa69
16aa69 
This issue was only apparent with -O2, probably because the way the
16aa69 
memory was initialized.
16aa69
16aa69 
Signed-off-by: Yannick Brosseau <scientist@fb.com>
16aa69 
---
16aa69 
 grubby.c | 8 +++++---
16aa69 
 1 file changed, 5 insertions(+), 3 deletions(-)
16aa69
16aa69 
diff --git a/grubby.c b/grubby.c
16aa69 
index 4516b92..4462fb9 100644
16aa69 
--- a/grubby.c
16aa69 
+++ b/grubby.c
16aa69 
@@ -1954,11 +1954,13 @@ struct singleEntry * findEntryByPath(struct grubConfig * config,
16aa69 
 	}
16aa69
16aa69 
 	indexVars[i + 1] = -1;
16aa69 
-
16aa69 
+
16aa69 
 	i = 0;
16aa69 
 	if (index) {
16aa69 
-	    while (i < *index) i++;
16aa69 
-	    if (indexVars[i] == -1) return NULL;
16aa69 
+	    while (i < *index) {
16aa69 
+		i++;
16aa69 
+		if (indexVars[i] == -1) return NULL;
16aa69 
+	    }
16aa69 
 	}
16aa69
16aa69 
 	entry = findEntryByIndex(config, indexVars[i]);
16aa69 
--
16aa69 
2.4.3
16aa69

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation