|
 |
6f1e3d5 |
From a8b65c0ac1e2ddd001e8b837c798f1b135f2a522 Mon Sep 17 00:00:00 2001
|
|
|
475000b |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
475000b |
Date: Mon, 21 Nov 2016 15:34:00 +0100
|
|
|
6f1e3d5 |
Subject: [PATCH 163/198] efi/chainloader: fix wrong sanity check in
|
|
|
475000b |
relocate_coff()
|
|
|
475000b |
|
|
|
475000b |
In relocate_coff(), the relocation entries are parsed from the original
|
|
|
475000b |
image (not the section-wise copied image). The original image is
|
|
|
475000b |
pointed-to by the "orig" pointer. The current check
|
|
|
475000b |
|
|
|
475000b |
(void *)reloc_end < data
|
|
|
475000b |
|
|
|
475000b |
compares the addresses of independent memory allocations. "data" is a typo
|
|
|
475000b |
here, it should be "orig".
|
|
|
475000b |
|
|
|
475000b |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291
|
|
|
475000b |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
475000b |
Tested-by: Bogdan Costescu <bcostescu@gmail.com>
|
|
|
475000b |
Tested-by: Juan Orti <j.orti.alcaine@gmail.com>
|
|
|
475000b |
---
|
|
|
475000b |
grub-core/loader/efi/chainloader.c | 2 +-
|
|
|
475000b |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
475000b |
|
|
|
475000b |
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
|
|
6f1e3d5 |
index b977c7b55..d5ab21d09 100644
|
|
|
475000b |
--- a/grub-core/loader/efi/chainloader.c
|
|
|
475000b |
+++ b/grub-core/loader/efi/chainloader.c
|
|
|
bc092b9 |
@@ -401,7 +401,7 @@ relocate_coff (pe_coff_loader_image_context_t *context,
|
|
|
475000b |
reloc_end = (struct grub_pe32_fixup_block *)
|
|
|
475000b |
((char *)reloc_base + reloc_base->size);
|
|
|
475000b |
|
|
|
475000b |
- if ((void *)reloc_end < data || (void *)reloc_end > image_end)
|
|
|
475000b |
+ if ((void *)reloc_end < orig || (void *)reloc_end > image_end)
|
|
|
475000b |
{
|
|
|
475000b |
grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary",
|
|
|
475000b |
n);
|
|
|
475000b |
--
|
|
|
da63b36 |
2.14.3
|
|
|
475000b |
|