fs/ufs: Fix a heap OOB write
author B Horn <b@horn.uk>
Sun, 12 May 2024 01:03:33 +0000 (02:03 +0100)
committer Miao Wang <shankerwangmiao@gmail.com>
Sun, 15 Feb 2026 13:50:20 +0000 (13:50 +0000)
commit 4f23f514b10816a064a61598f1f45848ba2597cd
tree 19c20da29b7d66706365b72ae6ca71b36406b405
parent 4057d2e7eb9a23e6616c823ebe340fa7810feb51
fs/ufs: Fix a heap OOB write

grub_strcpy() was used to copy a symlink name from the filesystem
image to a heap-allocated buffer. This led to an OOB write to adjacent
heap allocations. Fix by using grub_strlcpy().

Fixes: CVE-2024-45781
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name fs-ufs-Fix-a-heap-OOB-write.patch
grub-core/fs/ufs.c
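
The size-bounded copy the commit message describes, as an added example that is not GRUB's code and not part of this commit: `bounded_copy`, `struct slot`, `copy_symlink_name` and the sample name are constructed for illustration, with a guard array standing in for the adjacent heap allocation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strlcpy-style copy (hypothetical helper, not GRUB's grub_strlcpy):
   writes at most size-1 bytes plus a NUL and returns strlen(src), so a
   return value >= size tells the caller the name was truncated. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Constructed layout: guard stands in for the neighbouring heap allocation. */
struct slot {
    char name[16];
    unsigned char guard[8];
};

/* Constructed sample of an over-long symlink name from an untrusted image. */
static const char image_symlink[] = "../../very/long/target/from/the/image";

/* Returns 0 if the name fit, 1 if it was truncated, -1 if guard changed. */
static int copy_symlink_name(struct slot *s, const char *src)
{
    size_t i, want;
    memset(s->guard, 0xA5, sizeof s->guard);
    want = bounded_copy(s->name, src, sizeof s->name);
    for (i = 0; i < sizeof s->guard; i++)
        if (s->guard[i] != 0xA5)
            return -1;
    return want >= sizeof s->name ? 1 : 0;
}

int main(void)
{
    struct slot s;
    int rc = copy_symlink_name(&s, image_symlink);
    printf("rc=%d name=\"%s\"\n", rc, s.name);
    return rc == 1 ? 0 : 1;
}
```

A bounded copy truncates silently, so a caller that cares about the full name has to compare the return value against the buffer size, as `copy_symlink_name` does here.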