rpms / grubby

Clone
Source Code
GIT

Blame SOURCES/0019-Don-t-go-past-the-last-element-of-indexVars-in-findE.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-armhfp c8 c8-beta c8s c9 c9-beta
  1.   c7-sig-altarch-armhfp
  2.   SOURCES
  3.   0019-Don-t-go-past-the-last-element-of-indexVars-in-findE.patch
Blob History Raw
56d25d 
From 5851c34b92069dd955e862b856bb732eb263b058 Mon Sep 17 00:00:00 2001
56d25d 
From: Yannick Brosseau <scientist@fb.com>
56d25d 
Date: Thu, 3 Jul 2014 13:55:19 -0700
56d25d 
Subject: [PATCH 19/41] Don't go past the last element of indexVars in
56d25d 
 findEntryByPath
56d25d
56d25d 
We add a chance of creating an infinite loop, because we
56d25d 
were reading memory past the last element of indexVars set to -1.
56d25d
56d25d 
This issue was only apparent with -O2, probably because the way the
56d25d 
memory was initialized.
56d25d
56d25d 
Signed-off-by: Yannick Brosseau <scientist@fb.com>
56d25d 
---
56d25d 
 grubby.c | 8 +++++---
56d25d 
 1 file changed, 5 insertions(+), 3 deletions(-)
56d25d
56d25d 
diff --git a/grubby.c b/grubby.c
56d25d 
index 4516b92..4462fb9 100644
56d25d 
--- a/grubby.c
56d25d 
+++ b/grubby.c
56d25d 
@@ -1954,11 +1954,13 @@ struct singleEntry * findEntryByPath(struct grubConfig * config,
56d25d 
 	}
56d25d
56d25d 
 	indexVars[i + 1] = -1;
56d25d 
-
56d25d 
+
56d25d 
 	i = 0;
56d25d 
 	if (index) {
56d25d 
-	    while (i < *index) i++;
56d25d 
-	    if (indexVars[i] == -1) return NULL;
56d25d 
+	    while (i < *index) {
56d25d 
+		i++;
56d25d 
+		if (indexVars[i] == -1) return NULL;
56d25d 
+	    }
56d25d 
 	}
56d25d
56d25d 
 	entry = findEntryByIndex(config, indexVars[i]);
56d25d 
--
56d25d 
2.4.3
56d25d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation