On Thu, May 26, 2022 at 03:29:46PM -0400, Alec Brown wrote: > Coverity identified several untrusted loop bounds and untrusted allocation > size > bugs in grub-core/loader/i386/bsdXX.c and grub-core/loader/multiboot_elfXX.c. > Upon review of these bugs, I found that specific checks weren't being made to > various elf header values based on the elf manual page. The first four patches > in this patch series address the coverity bugs, as well as adds functions to > check for the correct elf header values. The last two patches adds fixes to > previous work done in util/grub-module-verifierXX.c that also relates to > making > checks of elf header values. > > The Coverity bugs being addressed are: > CID 314018 > CID 314030 > CID 314031 > CID 314039 > > Alec Brown (6): > grub-core/loader/i386/bsdXX.c: Avoid downcasting (char *) to (Elf_Shdr > *) > elf: Validate number of elf section header table entries > elf: Validate elf section header table index for section name string > table > elf: Validate number of elf program header table entries > util/grub-module-verifierXX.c: Add e_shoff check in get_shdr() > util/grub-module-verifierXX.c: Changed get_shnum() return type
For all patches Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>. Thank you for fixing these issues! Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
