fs/ufs: Fix a heap OOB write
author B Horn <b@horn.uk>
Sun, 12 May 2024 01:03:33 +0000 (02:03 +0100)
committer Felix Zielcke <fzielcke@z-51.de>
Thu, 3 Jul 2025 16:35:51 +0000 (18:35 +0200)
commit 094e68ad5ce85b351ecb4fe0ae7e06601ec61eda
tree e3623df947f4b4fad1ad3b5da9e683d95cc83655
parent 458cce9ec4272ceb602e33d5cfb0ebc353bb304c
fs/ufs: Fix a heap OOB write

grub_strcpy() was used to copy a symlink name from the filesystem
image to a heap-allocated buffer. This led to an OOB write to adjacent
heap allocations. Fix by using grub_strlcpy().

Fixes: CVE-2024-45781
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name fs-ufs-Fix-a-heap-OOB-write.patch
grub-core/fs/ufs.c
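
The difference between the unbounded and the bounded copy described in the commit message, as an added example that is not GRUB's code and not part of this commit. `bounded_copy`, `fake_inode`, `read_link_target` and the sample record are hypothetical; the example assumes the destination is sized from a length field that disagrees with the stored name, and rejecting a truncated name is this example's own choice.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with strlcpy semantics (hypothetical helper, not GRUB's
   grub_strlcpy): writes at most size-1 bytes plus a NUL into dst and
   returns strlen(src), so a result >= size means truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Constructed stand-in for an on-disk inode holding an inline symlink. */
struct fake_inode {
    size_t size;        /* length the image claims for the link target */
    char symlink[32];   /* NUL-terminated name as stored in the image */
};

/* Constructed sample: claims 4 bytes, actually stores a 20-byte name. */
static const struct fake_inode sample = { 4, "a/much/longer/target" };

/* Returns a heap copy of the link target, or NULL when the stored name
   does not fit the buffer sized from the inode's length field. */
char *read_link_target(const struct fake_inode *ino)
{
    size_t cap = ino->size + 1;
    char *buf = malloc(cap);

    if (buf == NULL)
        return NULL;
    /* strcpy(buf, ino->symlink) would write 21 bytes into this 5-byte
       allocation for the sample above; the bounded copy cannot. */
    if (bounded_copy(buf, ino->symlink, cap) >= cap) {
        free(buf);      /* truncated: treat the image as inconsistent */
        return NULL;
    }
    return buf;
}
```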