net: Prevent overflows when allocating memory for arrays

Use grub_calloc() when allocating memory for arrays to ensure proper
overflow checks are in place.

Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name net-Prevent-overflows-when-allocating-memory-for-arrays.patch

diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c
index 39b0c46cf7108f3ed2e7f744ea9546dc28aae721..f20cd6f835c4042a8b4af2af0092ba02ac648457 100644 (file)
--- a/grub-core/net/dns.c
+++ b/grub-core/net/dns.c
@@ -470,8 +470,8 @@ grub_net_dns_lookup (const char *name,
          && grub_get_time_ms () < dns_cache[h].limit_time)
        {
          grub_dprintf ("dns", "retrieved from cache\n");
-         *addresses = grub_malloc (dns_cache[h].naddresses
-                                   * sizeof ((*addresses)[0]));
+         *addresses = grub_calloc (dns_cache[h].naddresses,
+                                   sizeof ((*addresses)[0]));
          if (!*addresses)
            return grub_errno;
          *naddresses = dns_cache[h].naddresses;

diff --git a/grub-core/net/net.c b/grub-core/net/net.c
index 465f90926ba8ac3f30a201b352af657682e5e173..fb41d271557ebfaaa77c974c60c2506f0df8505f 100644 (file)
--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
@@ -91,8 +91,8 @@ grub_net_link_layer_add_address (struct grub_net_card *card,
   /* Add sender to cache table.  */
   if (card->link_layer_table == NULL)
     {
-      card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE
-                                           * sizeof (card->link_layer_table[0]));
+      card->link_layer_table = grub_calloc (LINK_LAYER_CACHE_SIZE,
+                                           sizeof (card->link_layer_table[0]));
       if (card->link_layer_table == NULL)
        return;
     }