fs/ufs: Fix a heap OOB write
author B Horn <b@horn.uk>
Sun, 12 May 2024 01:03:33 +0000 (02:03 +0100)
committer Felix Zielcke <fzielcke@z-51.de>
Wed, 11 Jun 2025 15:42:34 +0000 (17:42 +0200)
commit 6d2cb4a9bb98f9e0a26b08bcdd8614677149b533
tree 69e41ad14f9262ed58d72aa0fb39b3fe6f2032e6
parent 9306082f37592f4a2872fddaef773d78a5ffb34c
fs/ufs: Fix a heap OOB write

grub_strcpy() was used to copy a symlink name from the filesystem
image to a heap-allocated buffer. This led to an OOB write to adjacent
heap allocations. Fix by using grub_strlcpy().

Fixes: CVE-2024-45781
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name fs-ufs-Fix-a-heap-OOB-write.patch
grub-core/fs/ufs.c
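
The bug class named in the commit message, as an added example that is not GRUB's code: a heap buffer sized from one image-controlled field receives a string whose real length comes from the image as well. `struct fake_inode`, `read_symlink()` and `bounded_copy()` are hypothetical names, the inode contents are constructed, and `bounded_copy()` is a local helper with strlcpy-style semantics standing in for grub_strlcpy().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strlcpy-style copy (local helper, not GRUB's grub_strlcpy): writes at most
   size-1 bytes plus a NUL, returns strlen(src) so callers can spot truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Constructed stand-in for an on-disk inode: the size field and the inline
   symlink bytes both come from the image, so they need not agree. */
struct fake_inode {
    size_t size;         /* length the image claims */
    char   symlink[32];  /* NUL-terminated here; may be longer than size */
};

/* Returns a heap copy of the link target, or NULL if the size field wraps or
   allocation fails. *truncated is set when the name exceeded the claimed size. */
char *read_symlink(const struct fake_inode *ino, int *truncated)
{
    size_t bufsz = ino->size + 1;
    if (bufsz == 0)
        return NULL;     /* size field wrapped around */
    char *buf = malloc(bufsz);
    if (buf == NULL)
        return NULL;
    /* Unbounded form: strcpy(buf, ino->symlink) writes strlen(symlink)+1
       bytes regardless of bufsz and runs past the allocation. */
    size_t need = bounded_copy(buf, ino->symlink, bufsz);
    *truncated = need >= bufsz;
    return buf;
}

int main(void)
{
    struct fake_inode bad = { 4, "AAAAAAAAAAAAAAAAAAAAAAAA" };  /* constructed */
    int t = 0;
    char *name = read_symlink(&bad, &t);
    if (name != NULL)
        printf("%s truncated=%d\n", name, t);
    free(name);
    return 0;
}
```

The truncation flag lets a caller reject an inconsistent image instead of silently using a shortened link target.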