Good feedback, I will update as suggested and send out a v3 shortly! Thanks! Andrew
On Thu, Mar 20, 2025 at 6:04 PM Vladimir 'phcoder' Serbinenko < phco...@gmail.com> wrote: > > > On Fri, Mar 21, 2025, 01:54, Andrew Hamilton <adham...@gmail.com> > wrote: > >> A regression was introduced recently as a part of the series of >> filesystem related patches to address some CVEs found in GRUB. >> >> This issue may cause either an infinite loop at startup when >> accessing certain valid NTFS file systems, or may cause a crash >> due to a NULL pointer dereference on systems where "NULL" address >> is invalid (such as may happen when calling grub-mount from >> the operating system level). >> >> Correct this issue by checking that at->attr_cur != NULL inside >> find_attr. >> >> Fixes: https://savannah.gnu.org/bugs/?66855 >> >> Co-authored-by: B Horn <b...@horn.uk> >> Co-authored-by: Andrew Hamilton <adham...@gmail.com> >> Signed-off-by: Andrew Hamilton <adham...@gmail.com> >> --- >> grub-core/fs/ntfs.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c >> index 960833a34..a29e10401 100644 >> --- a/grub-core/fs/ntfs.c >> +++ b/grub-core/fs/ntfs.c >> @@ -387,7 +387,8 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t >> attr) >> } >> at->attr_cur = at->attr_nxt; >> mft_end = at->mft->buf + (at->mft->data->mft_size << >> GRUB_NTFS_BLK_SHR); >> - while (at->attr_cur < mft_end && *at->attr_cur != 0xFF) >> + while (at->attr_cur != NULL && at->attr_cur < mft_end >> + && *at->attr_cur != 0xFF) >> > Why not while (at->attr_cur >= at->mft->buf && at->attr_cur < mft_end && > ... ? > >> { >> at->attr_nxt = next_attribute (at->attr_cur, at->end); >> if (*at->attr_cur == GRUB_NTFS_AT_ATTRIBUTE_LIST) >> -- >> 2.39.5 >> >>
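Review bot: the `at->attr_cur != NULL` test added to the `while` condition in find_attr rejects exactly one out-of-range value; since `at->attr_cur` is assigned from `at->attr_nxt`, which is produced by `next_attribute (at->attr_cur, at->end)` on the previous iteration, a lower-bound check against the start of the MFT record buffer, as the reply suggests (`while (at->attr_cur >= at->mft->buf && at->attr_cur < mft_end && *at->attr_cur != 0xFF)`), covers the NULL case and any other pointer that ends up below `at->mft->buf`, while the existing `< mft_end` comparison keeps the upper bound; the commit message should then describe the check as a range check rather than a NULL check.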
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel