~ubuntu-core-dev/grub/+git/ubuntu:wip/preinst-check

Last commit made on 2020-07-30
Get this branch:
git clone -b wip/preinst-check https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
wip/preinst-check
Repository:
lp:~ubuntu-core-dev/grub/+git/ubuntu

Recent commits

24fc199... by Dimitri John Ledkov

Review feedback

0cdfbff... by Dimitri John Ledkov

grub-pc/preinst: check if devices to install are valid

Duplicate a bit of postinst, to check if the target devices we are
trying to upgrade actualy exist. If they don't, ask to correct them,
otherwise abort. This should prevent unpacking incompatible modules.

14f06d2... by Chris Coulson

releasing 2.04-1ubuntu26.1

55d6e11... by Chris Coulson

Add missing #include to grub-core/loader/arm64/linux.c

ec83738... by Colin Watson

efilinux: Fix integer overflows in grub_cmd_initrd

These could be triggered by an extremely large number of arguments to
the initrd command on 32-bit architectures, or a crafted filesystem with
very large files on any architecture.

Fixes: CVE-2020-15707

Signed-off-by: Colin Watson <email address hidden>

33b27a7... by Colin Watson

linux: Fix integer overflows in initrd size handling

These could be triggered by a crafted filesystem with very large files.

Fixes: CVE-2020-15707

Signed-off-by: Colin Watson <email address hidden>
Reviewed-by: Jan Setje-Eilers <email address hidden>

b47e1a6... by Peter Jones

linux loader: avoid overflow on initrd size calculation

Signed-off-by: Peter Jones <email address hidden>

04b3402... by Alexey Makhalov <email address hidden>

relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation

Current implementation of grub_relocator_alloc_chunk_align()
does not allow allocation of the top byte.

Assuming input args are:
  max_addr = 0xfffff000;
  size = 0x1000;

And this is valid. But following overflow protection will
unnecessarily move max_addr one byte down (to 0xffffefff):
  if (max_addr > ~size)
    max_addr = ~size;

~size + 1 will fix the situation. In addition, check size
for non zero to do not zero max_addr.

Signed-off-by: Alexey Makhalov <email address hidden>
Reviewed-by: Daniel Kiper <email address hidden>

a55ad29... by Alexey Makhalov <email address hidden>

relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow

This commit introduces integer underflow mitigation in max_addr calculation
in grub_relocator_alloc_chunk_align() invocation.

It consists of 2 fixes:
  1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
     sanity check for min/max and size values, and to make safe invocation of
     grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
     invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
     by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
  2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
     address (0xffffffff - size + 1) or similar.

Signed-off-by: Alexey Makhalov <email address hidden>
Reviewed-by: Daniel Kiper <email address hidden>

e4356cc... by Alexey Makhalov <email address hidden>

relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow

Use arithmetic macros from safemath.h to accomplish it. In this commit,
I didn't want to be too paranoid to check every possible math equation
for overflow/underflow. Only obvious places (with non zero chance of
overflow/underflow) were refactored.

Signed-off-by: Alexey Makhalov <email address hidden>
Reviewed-by: Daniel Kiper <email address hidden>