diff options
Diffstat (limited to 'libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch')
-rw-r--r-- | libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch b/libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch deleted file mode 100644 index aa07f2ffc..000000000 --- a/libre/grub/0001-Fix-security-issue-when-reading-username-and-passwor.patch +++ /dev/null @@ -1,47 +0,0 @@ -From e16eeda1200deabd0d3a4af968d526d62845a85f Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert <hecmargi@upv.es> -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Resolves: CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> -Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..524a3d8 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - continue; -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..5782ec5 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - grub_printf ("\b"); --- -2.6.4 - |