OpenWrt – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 2 | From: Hector Marco-Gisbert <hecmargi@upv.es> |
||
| 3 | Date: Fri, 13 Nov 2015 16:21:09 +0100 |
||
| 4 | Subject: [PATCH] Fix security issue when reading username and password |
||
| 5 | |||
| 6 | This patch fixes two integer underflows at: |
||
| 7 | * grub-core/lib/crypto.c |
||
| 8 | * grub-core/normal/auth.c |
||
| 9 | |||
| 10 | Resolves: CVE-2015-8370 |
||
| 11 | |||
| 12 | Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> |
||
| 13 | Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> |
||
| 14 | --- |
||
| 15 | grub-core/lib/crypto.c | 2 +- |
||
| 16 | grub-core/normal/auth.c | 2 +- |
||
| 17 | 2 files changed, 2 insertions(+), 2 deletions(-) |
||
| 18 | |||
| 19 | --- a/grub-core/lib/crypto.c |
||
| 20 | +++ b/grub-core/lib/crypto.c |
||
| 21 | @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned |
||
| 22 | break; |
||
| 23 | } |
||
| 24 | |||
| 25 | - if (key == '\b') |
||
| 26 | + if (key == '\b' && cur_len) |
||
| 27 | { |
||
| 28 | if (cur_len) |
||
| 29 | cur_len--; |
||
| 30 | --- a/grub-core/normal/auth.c |
||
| 31 | +++ b/grub-core/normal/auth.c |
||
| 32 | @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned |
||
| 33 | break; |
||
| 34 | } |
||
| 35 | |||
| 36 | - if (key == '\b') |
||
| 37 | + if (key == '\b' && cur_len) |
||
| 38 | { |
||
| 39 | if (cur_len) |
||
| 40 | { |