On Fri, Mar 21, 2025 at 01:54, Andrew Hamilton <adham...@gmail.com> wrote:
> A regression was introduced recently as a part of the series of > filesystem related patches to address some CVEs found in GRUB. > > This issue may cause either an infinite loop at startup when > accessing certain valid NTFS file systems, or may cause a crash > due to a NULL pointer dereference on systems where "NULL" address > is invalid (such as may happen when calling grub-mount from > the operating system level). > > Correct this issue by checking that at->attr_cur != NULL inside > find_attr. > > Fixes: https://savannah.gnu.org/bugs/?66855 > > Co-authored-by: B Horn <b...@horn.uk> > Co-authored-by: Andrew Hamilton <adham...@gmail.com> > Signed-off-by: Andrew Hamilton <adham...@gmail.com> > --- > grub-core/fs/ntfs.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c > index 960833a34..a29e10401 100644 > --- a/grub-core/fs/ntfs.c > +++ b/grub-core/fs/ntfs.c > @@ -387,7 +387,8 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t > attr) > } > at->attr_cur = at->attr_nxt; > mft_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR); > - while (at->attr_cur < mft_end && *at->attr_cur != 0xFF) > + while (at->attr_cur != NULL && at->attr_cur < mft_end > + && *at->attr_cur != 0xFF) > Why not while (at->attr_cur >= at->mft->buf && at->attr_cur < mft_end && ... ? > { > at->attr_nxt = next_attribute (at->attr_cur, at->end); > if (*at->attr_cur == GRUB_NTFS_AT_ATTRIBUTE_LIST) > -- > 2.39.5 > >
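Review bot: the new at->attr_cur != NULL test in the while condition of find_attr guards only the NULL case and carries no comment saying where a NULL can come from. at->attr_cur is copied from at->attr_nxt on the line above, and at->attr_nxt is reassigned from next_attribute (at->attr_cur, at->end) inside the loop, so a one-line comment naming that source would keep the check from looking redundant to a later reader. On the alternative raised in the reply, a lower bound of at->attr_cur >= at->mft->buf would additionally reject pointers that fall below the MFT buffer, but it is better added next to the NULL test than used in place of it, since a relational comparison between a null pointer and a pointer into the buffer is not defined by the C standard. It is also worth confirming that the loop bound mft_end and the at->end passed to next_attribute describe the same limit, because the hunk uses two different end markers for the same walk.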
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel