[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 058/117] util/grub-editenv: Fix incorrect casting of a s
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 058/117] util/grub-editenv: Fix incorrect casting of a signed value |
Date: |
Tue, 2 Mar 2021 19:01:05 +0100 |
From: Darren Kenny <darren.kenny@oracle.com>
The return value of ftell() may be negative (-1) on error. While it is
probably unlikely to occur, we should not blindly cast to an unsigned
value without first testing that it is not negative.
Fixes: CID 73856
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
util/grub-editenv.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/util/grub-editenv.c b/util/grub-editenv.c
index f3662c95b..db6f187cc 100644
--- a/util/grub-editenv.c
+++ b/util/grub-editenv.c
@@ -125,6 +125,7 @@ open_envblk_file (const char *name)
{
FILE *fp;
char *buf;
+ long loc;
size_t size;
grub_envblk_t envblk;
@@ -143,7 +144,12 @@ open_envblk_file (const char *name)
grub_util_error (_("cannot seek `%s': %s"), name,
strerror (errno));
- size = (size_t) ftell (fp);
+ loc = ftell (fp);
+ if (loc < 0)
+ grub_util_error (_("cannot get file location `%s': %s"), name,
+ strerror (errno));
+
+ size = (size_t) loc;
if (fseek (fp, 0, SEEK_SET) < 0)
grub_util_error (_("cannot seek `%s': %s"), name,
--
2.11.0
- [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow, (continued)
- [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 048/117] video/fb/fbfill: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 051/117] video/readers/jpeg: Test for an invalid next marker reference from a jpeg file, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 049/117] video/fb/video_fb: Fix multiple integer overflows, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 053/117] loader/bsd: Check for NULL arg up-front, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 052/117] gfxmenu/gui_list: Remove code that coverity is flagging as dead, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 054/117] loader/xnu: Fix memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 055/117] loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 056/117] loader/xnu: Check if pointer is NULL before using it, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 057/117] util/grub-install: Fix NULL pointer dereferences, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 058/117] util/grub-editenv: Fix incorrect casting of a signed value,
Daniel Kiper <=
- [SECURITY PATCH 059/117] util/glue-efi: Fix incorrect use of a possibly negative value, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 062/117] script/execute: Avoid crash when using "$#" outside a function scope, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 060/117] script/execute: Fix NULL dereference in grub_script_execute_cmdline(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 067/117] video/readers/jpeg: Catch files with unsupported quantization or Huffman tables, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 061/117] commands/ls: Require device_name is not NULL before printing, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 066/117] kern/misc: Always set *end in grub_strtoull(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 063/117] lib/arg: Block repeated short options that require an argument, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 065/117] commands/menuentry: Fix quoting in setparams_prefix(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 070/117] term/gfxterm: Don't set up a font with glyphs that are too big, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 064/117] script/execute: Don't crash on a "for" loop with no items, Daniel Kiper, 2021/03/02