mirror of
https://codeberg.org/canoeboot/cbmk.git
synced 2025-02-23 14:59:50 +00:00
b74a7f0cc6
You can find information about these patches here: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html GRUB has been on a crusade as of late, to proactively audit and fix many security vulnerabilities. This lbmk change brings in a comprehensive series of patches that fix bugs ranging from possible buffer overflows, use-after frees, null derefs and so on. These changes are critical, so a revision release *will* be issued, for the Libreboot 20241206 release series. This change imports the following 73 patches which are present on the upstream GRUB repository (commit IDs matched to upstream): * 4dc616657 loader/i386/bsd: Use safe math to avoid underflow * 490a6ab71 loader/i386/linux: Cast left shift to grub_uint32_t * a8d6b0633 kern/misc: Add sanity check after grub_strtoul() call * 8e6e87e79 kern/partition: Add sanity check after grub_strtoul() call * 5b36a5210 normal/menu: Use safe math to avoid an integer overflow * 9907d9c27 bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t * f8795cde2 misc: Ensure consistent overflow error messages * 66733f7c7 osdep/unix/getroot: Fix potential underflow * d13b6e8eb script/execute: Fix potential underflow and NULL dereference * e3c578a56 fs/sfs: Check if allocated memory is NULL * 1c06ec900 net: Check if returned pointer for allocated memory is NULL * dee2c14fd net: Prevent overflows when allocating memory for arrays * 4beeff8a3 net: Use safe math macros to prevent overflows * dd6a4c8d1 fs/zfs: Add missing NULL check after grub_strdup() call * 13065f69d fs/zfs: Check if returned pointer for allocated memory is NULL * 7f38e32c7 fs/zfs: Prevent overflows when allocating memory for arrays * 88e491a0f fs/zfs: Use safe math macros to prevent overflows * cde9f7f33 fs: Prevent overflows when assigning returned values from read_number() * 84bc0a9a6 fs: Prevent overflows when allocating memory for arrays * 6608163b0 fs: Use safe math macros to prevent overflows * fbaddcca5 disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails * 33bd6b5ac disk: Check if returned pointer for allocated memory is NULL * d8151f983 disk: Prevent overflows when allocating memory for arrays * c407724da disk: Use safe math macros to prevent overflows * c4bc55da2 fs: Disable many filesystems under lockdown * 26db66050 fs/bfs: Disable under lockdown * 5f31164ae commands/hexdump: Disable memory reading in lockdown mode * 340e4d058 commands/memrw: Disable memory reading in lockdown mode * 34824806a commands/minicmd: Block the dump command in lockdown mode * c68b7d236 commands/test: Stack overflow due to unlimited recursion depth * dad8f5029 commands/read: Fix an integer overflow when supplying more than 2^31 characters * b970a5ed9 gettext: Integer overflow leads to heap OOB write * 09bd6eb58 gettext: Integer overflow leads to heap OOB write or read * 7580addfc gettext: Remove variables hooks on module unload * 9c1619773 normal: Remove variables hooks on module unload * 2123c5bca commands/pgp: Unregister the "check_signatures" hooks on module unload * 0bf56bce4 commands/ls: Fix NULL dereference * 05be856a8 commands/extcmd: Missing check for failed allocation * 98ad84328 kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols() * d72208423 kern/dl: Use correct segment in grub_dl_set_mem_attrs() * 500e5fdd8 kern/dl: Fix for an integer overflow in grub_dl_ref() * 2c34af908 video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG * 0707accab net/tftp: Fix stack buffer overflow in tftp_open() * 5eef88152 net: Fix OOB write in grub_net_search_config_file() * aa8b4d7fa net: Remove variables hooks when interface is unregisted * a1dd8e59d net: Unregister net_default_ip and net_default_mac variables hooks on unload * d8a937cca script/execute: Limit the recursion depth * 8a7103fdd kern/partition: Limit recursion in part_iterate() * 18212f064 kern/disk: Limit recursion depth * 67f70f70a disk/loopback: Reference tracking for the loopback * 13febd78d disk/cryptodisk: Require authentication after TPM unlock for CLI access * 16f196874 kern/file: Implement filesystem reference counting * a79106872 kern/file: Ensure file->data is set * d1d6b7ea5 fs/xfs: Ensuring failing to mount sets a grub_errno * 6ccc77b59 fs/xfs: Fix out-of-bounds read * 067b6d225 fs/ntfs: Implement attribute verification * 048777bc2 fs/ntfs: Use a helper function to access attributes * 237a71184 fs/ntfs: Track the end of the MFT attribute buffer * aff263187 fs/ntfs: Fix out-of-bounds read * 7e2f750f0 fs/ext2: Fix out-of-bounds read for inline extents * edd995a26 fs/jfs: Inconsistent signed/unsigned types usage in return values * bd999310f fs/jfs: Use full 40 bits offset and address for a data extent * ab09fd053 fs/jfs: Fix OOB read caused by invalid dir slot index * 66175696f fs/jfs: Fix OOB read in jfs_getent() * 1443833a9 fs/iso9660: Fix invalid free * 965db5970 fs/iso9660: Set a grub_errno if mount fails * f7c070a2e fs/hfsplus: Set a grub_errno if mount fails * 563436258 fs/f2fs: Set a grub_errno if mount fails * 0087bc690 fs/tar: Integer overflow leads to heap OOB write * 2c8ac08c9 fs/tar: Initialize name in grub_cpio_find_file() * 417547c10 fs/hfs: Fix stack OOB write with grub_strcpy() * c1a291b01 fs/ufs: Fix a heap OOB write * ea703528a misc: Implement grub_strlcpy() Signed-off-by: Leah Rowe <leah@libreboot.org>
43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
From 32c6d97e2a80c2e74dd9daf74281a89d1a05faaa Mon Sep 17 00:00:00 2001
|
|
From: Sven Anderson <sven@anderson.de>
|
|
Date: Mon, 13 Jan 2025 19:51:41 +0100
|
|
Subject: [PATCH 22/26] xhci: fix port indexing
|
|
|
|
---
|
|
grub-core/bus/usb/xhci.c | 10 +++++-----
|
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/grub-core/bus/usb/xhci.c b/grub-core/bus/usb/xhci.c
|
|
index f4591ffb5..dc89b9619 100644
|
|
--- a/grub-core/bus/usb/xhci.c
|
|
+++ b/grub-core/bus/usb/xhci.c
|
|
@@ -2250,7 +2250,7 @@ grub_xhci_detect_dev (grub_usb_controller_t dev, int port, int *changed)
|
|
|
|
*changed = 0;
|
|
grub_dprintf("xhci", "%s: dev=%p USB%d_%d port %d\n", __func__, dev,
|
|
- x->psids[port-1].major, x->psids[port-1].minor, port);
|
|
+ x->psids[port].major, x->psids[port].minor, port);
|
|
|
|
/* On shutdown advertise all ports as disconnected. This will trigger
|
|
* a gracefull detatch. */
|
|
@@ -2285,13 +2285,13 @@ grub_xhci_detect_dev (grub_usb_controller_t dev, int port, int *changed)
|
|
if (!(portsc & GRUB_XHCI_PORTSC_CCS))
|
|
return GRUB_USB_SPEED_NONE;
|
|
|
|
- for (grub_uint8_t i = 0; i < 16 && x->psids[port-1].psids[i].id > 0; i++)
|
|
+ for (grub_uint8_t i = 0; i < 16 && x->psids[port].psids[i].id > 0; i++)
|
|
{
|
|
- if (x->psids[port-1].psids[i].id == speed)
|
|
+ if (x->psids[port].psids[i].id == speed)
|
|
{
|
|
grub_dprintf("xhci", "%s: grub_usb_speed = %d\n", __func__,
|
|
- x->psids[port-1].psids[i].grub_usb_speed );
|
|
- return x->psids[port-1].psids[i].grub_usb_speed;
|
|
+ x->psids[port].psids[i].grub_usb_speed );
|
|
+ return x->psids[port].psids[i].grub_usb_speed;
|
|
}
|
|
}
|
|
|
|
--
|
|
2.39.5
|
|
|