From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 29 Jan 2025 06:48:38 +0000 (+0000)
Subject: osdep/unix/getroot: Fix potential underflow
X-Git-Tag: archive/raspbian/2.12-8+rpi1^2~12
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=852b7007e6ba754de9a817fe93ceec7ab1de95fd;p=grub2.git

osdep/unix/getroot: Fix potential underflow

The entry_len is initialized in grub_find_root_devices_from_mountinfo()
to 0 before the while loop iterates through /proc/self/mountinfo. If the
file is empty or contains only invalid entries entry_len remains
0 causing entry_len - 1 in the subsequent for loop initialization
to underflow. To prevent this add a check to ensure entry_len > 0 before
entering the for loop.

Fixes: CID 473877

Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>

Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name osdep-unix-getroot-Fix-potential-underflow.patch
---

diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c
index b4e279f..e823706 100644
--- a/grub-core/osdep/linux/getroot.c
+++ b/grub-core/osdep/linux/getroot.c
@@ -484,6 +484,9 @@ again:
 	}
     }
 
+  if (!entry_len)
+    goto out;
+
   /* Now scan visible mounts for the ones we're interested in.  */
   for (i = entry_len - 1; i >= 0; i--)
     {