v3: Added check for e_shoff, made starting words lowercase in error messages, and added comment to why return pointers are set to 0.
Coverity identified several untrusted loop bounds and untrusted allocation size bugs in grub-core/loader/i386/bsdXX.c and grub-core/loader/multiboot_elfXX.c. Upon review of these bugs, I found that specific checks weren't being made to various elf header values based on the elf manual page. This patch series addresses the coverity bugs, as well as adds functions to check for the correct elf header values.

The Coverity bugs being addressed are:
CID 314018
CID 314030
CID 314031
CID 314039

Alec Brown (5):
  grub-core/loader/i386/bsdXX.c: Avoid downcasting (char *) to (Elf_Shdr *)
  elf: Validate number of elf section header table entries
  elf: Validate elf section header table index for section name string table
  elf: Validate number of elf program header table entries
  util/grub-module-verifierXX.c: Add e_shoff check in get_shdr()

 grub-core/kern/elf.c | 15 +++++++++++++++
 grub-core/kern/elfXX.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 grub-core/loader/i386/bsdXX.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------
 grub-core/loader/multiboot_elfxx.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------
 include/grub/elf.h | 18 ++++++++++++++++++
 util/grub-module-verifierXX.c | 3 +++
 6 files changed, 273 insertions(+), 77 deletions(-)