diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-02-25 22:55:05 -0500 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-15 14:22:49 +0000 |
commit | d7bf8c17eca8f8c89898a7794462c773c449e983 (patch) | |
tree | d18618fca85ca5f0c077032cc7b009344b60f663 /import-layers/yocto-poky/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | |
parent | e2b5abdc9f28cdf8578e5b9be803c8e697443c20 (diff) | |
download | blackbird-openbmc-d7bf8c17eca8f8c89898a7794462c773c449e983.tar.gz blackbird-openbmc-d7bf8c17eca8f8c89898a7794462c773c449e983.zip |
Yocto 2.4
Move OpenBMC to Yocto 2.4(rocko)
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I12057b18610d6fb0e6903c60213690301e9b0c67
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/import-layers/yocto-poky/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch deleted file mode 100644 index 65ddcaf12..000000000 --- a/import-layers/yocto-poky/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch +++ /dev/null @@ -1,53 +0,0 @@ -Upstream-Status: Accepted -CVE: CVE-2015-8370 -Signed-off-by: Awais Belal <awais_belal@mentor.com> - -From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert <hecmargi@upv.es> -Date: Wed, 16 Dec 2015 04:57:18 +0000 -Subject: Fix security issue when reading username and password - -This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -CVE-2015-8370 - -Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> -Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> -Also-By: Andrey Borzenkov <arvidjaar@gmail.com> ---- -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..683a8aa 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -470,7 +470,8 @@ grub_password_get (char buf[], unsigned buf_size) - - if (key == '\b') - { -- cur_len--; -+ if (cur_len) -+ cur_len--; - continue; - } - -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..8615c48 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned buf_size) - - if (key == '\b') - { -- cur_len--; -- grub_printf ("\b"); -+ if (cur_len) -+ { -+ cur_len--; -+ grub_printf ("\b"); -+ } - continue; - } - --- -cgit v0.9.0.2 |