grub

~ubuntu-core-dev/grub/+git/ubuntu:focal-hotfix-lp1889556

  1. Git
  2. lp:~ubuntu-core-dev/grub/+git/ubuntu
  3. focal-hotfix-lp1889556
Last commit made on 2020-07-31
Get this branch:
git clone -b focal-hotfix-lp1889556 https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
focal-hotfix-lp1889556
Repository:
lp:~ubuntu-core-dev/grub/+git/ubuntu

Recent commits

3aabdc6... by Steve Langasek

debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc package, since we cannot be certain that it will install to the correct disk and a grub-install failure will render the system unbootable. LP: #1889556.

14f06d2... by Chris Coulson

releasing 2.04-1ubuntu26.1

55d6e11... by Chris Coulson

Add missing #include to grub-core/loader/arm64/linux.c

ec83738... by Colin Watson

efilinux: Fix integer overflows in grub_cmd_initrd

These could be triggered by an extremely large number of arguments to
the initrd command on 32-bit architectures, or a crafted filesystem with
very large files on any architecture.

Fixes: CVE-2020-15707

Signed-off-by: Colin Watson <email address hidden>

33b27a7... by Colin Watson

linux: Fix integer overflows in initrd size handling

These could be triggered by a crafted filesystem with very large files.

Fixes: CVE-2020-15707

Signed-off-by: Colin Watson <email address hidden>
Reviewed-by: Jan Setje-Eilers <email address hidden>

b47e1a6... by Peter Jones

linux loader: avoid overflow on initrd size calculation

Signed-off-by: Peter Jones <email address hidden>

04b3402... by Alexey Makhalov <email address hidden>

relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation

Current implementation of grub_relocator_alloc_chunk_align()
does not allow allocation of the top byte.

Assuming input args are:
  max_addr = 0xfffff000;
  size = 0x1000;

And this is valid. But following overflow protection will
unnecessarily move max_addr one byte down (to 0xffffefff):
  if (max_addr > ~size)
    max_addr = ~size;

~size + 1 will fix the situation. In addition, check size
for non zero to do not zero max_addr.

Signed-off-by: Alexey Makhalov <email address hidden>
Reviewed-by: Daniel Kiper <email address hidden>

a55ad29... by Alexey Makhalov <email address hidden>

relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow

This commit introduces integer underflow mitigation in max_addr calculation
in grub_relocator_alloc_chunk_align() invocation.

It consists of 2 fixes:
  1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
     sanity check for min/max and size values, and to make safe invocation of
     grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
     invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
     by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
  2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
     address (0xffffffff - size + 1) or similar.

Signed-off-by: Alexey Makhalov <email address hidden>
Reviewed-by: Daniel Kiper <email address hidden>

e4356cc... by Alexey Makhalov <email address hidden>

relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow

Use arithmetic macros from safemath.h to accomplish it. In this commit,
I didn't want to be too paranoid to check every possible math equation
for overflow/underflow. Only obvious places (with non zero chance of
overflow/underflow) were refactored.

Signed-off-by: Alexey Makhalov <email address hidden>
Reviewed-by: Daniel Kiper <email address hidden>

52538e3... by Chris Coulson

chainloader: Avoid a double free when validation fails