aboutsummaryrefslogtreecommitdiffstats
path: root/package/boot/grub2/patches/300-CVE-2015-8370.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/boot/grub2/patches/300-CVE-2015-8370.patch')
-rw-r--r--package/boot/grub2/patches/300-CVE-2015-8370.patch40
1 files changed, 0 insertions, 40 deletions
diff --git a/package/boot/grub2/patches/300-CVE-2015-8370.patch b/package/boot/grub2/patches/300-CVE-2015-8370.patch
deleted file mode 100644
index 22f6c90928..0000000000
--- a/package/boot/grub2/patches/300-CVE-2015-8370.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hector Marco-Gisbert <hecmargi@upv.es>
-Date: Fri, 13 Nov 2015 16:21:09 +0100
-Subject: [PATCH] Fix security issue when reading username and password
-
- This patch fixes two integer underflows at:
- * grub-core/lib/crypto.c
- * grub-core/normal/auth.c
-
-Resolves: CVE-2015-8370
-
-Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
-Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
----
- grub-core/lib/crypto.c | 2 +-
- grub-core/normal/auth.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
---- a/grub-core/lib/crypto.c
-+++ b/grub-core/lib/crypto.c
-@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
- break;
- }
-
-- if (key == '\b')
-+ if (key == '\b' && cur_len)
- {
- if (cur_len)
- cur_len--;
---- a/grub-core/normal/auth.c
-+++ b/grub-core/normal/auth.c
-@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
- break;
- }
-
-- if (key == GRUB_TERM_BACKSPACE)
-+ if (key == GRUB_TERM_BACKSPACE && cur_len)
- {
- if (cur_len)
- {
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-04 14:36:18 +0000