Commits · master · rahulkrishnan / grub

13 Jan, 2016 1 commit
- verify: fix memory leak · 6c35ce72
  Andrei Borzenkov authored Jan 12, 2016
```
Found by: Coverity scan.
CID: 96643
```
  6c35ce72
27 Mar, 2015 1 commit
- Add missing initializers to silence suprious warnings. · ed07b7e1
  Michael Zimmermann authored Mar 27, 2015
  
  ed07b7e1
25 Jan, 2015 1 commit

commands/verify: Fix sha1 context zeroing-out. · 37ba761b

authored Jan 24, 2015

Current code doesn't zero-out context completely. It's a minor issue
really as sha1 init already takes care of initing the context.

37ba761b

05 Dec, 2014 1 commit

fix memory corruption in pubkey filter over network · ebb3d958

authored Dec 05, 2014

grub_pubkey_open closed original file after it was read; it set
io->device to NULL to prevent grub_file_close from trying to close device.
But network device itself is stacked (net -> bufio); and bufio preserved
original netfs file which hold reference to device. grub_file_close(io)
called grub_bufio_close which called grub_file_close for original file.
grub_file_close(netfs-file) now also called grub_device_close which
freed file->device->net. So file structure returned by grub_pubkey_open
now had device->net pointed to freed memory. When later file was closed,
it was attempted to be freed again.

Change grub_pubkey_open to behave like other filters - preserve original
parent file and pass grub_file_close down to parent. In this way only the
original file will close device. We really need to move this logic into
core instead.

Also plug memory leaks in error paths on the way.
Reported-By: Robert Kliewer <robert.kliewer@gmail.com>
Closes: bug #43601

ebb3d958

21 Jun, 2014 2 commits
- * grub-core/commands/verify.c (grub_pubkey_open): Trust procfs. · 2c2c5c72
  Vladimir Serbinenko authored May 15, 2014
  
  2c2c5c72
- * grub-core/commands/verify.c (grub_pubkey_open): Fix memdisk · 480c8985
  Vladimir Serbinenko authored May 12, 2014
```
	check.
```
  480c8985
21 Dec, 2013 2 commits
- Correct some translatable strings. · 496a6b30
  David Prévot authored Dec 21, 2013
  
  496a6b30
- Clarify several translatable messages. · bfdfeb25
  Vladimir Serbinenko authored Dec 21, 2013
  
  bfdfeb25
17 Dec, 2013 1 commit

Fix double-free introduced by commit · 24d5934d

authored Dec 13, 2013

To reproduce the problem, make sure you have a GPG public key available, build and install GRUB:
grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda
Sign all the files in /boot/grub/* and reboot.

'make check' results identical before and after this change.

TESTED: In a QEMU VM using an i386 target.

24d5934d

15 Dec, 2013 1 commit
- Add gcc_struct to all packed structures when compiling with mingw. · 7e47e27b
  Vladimir Serbinenko authored Dec 15, 2013
```
	Just "packed" doesn't always pack the way we expect.
```
  7e47e27b
18 Nov, 2013 1 commit

* grub-core/commands/verify.c (free_pk): Plug memory leak. · 7bbb60cf

authored Nov 18, 2013

	(grub_load_public_key): Likewise.
	(grub_verify_signature_real): Likewise.
	(grub_cmd_verify_signature): Likewise.

7bbb60cf

16 Nov, 2013 1 commit

Decrease stack usage in signature verification. · 4f84ae0e

authored Nov 16, 2013

	We have only 92K of stack and using over 4K per frame is wasteful

	* grub-core/commands/verify.c (grub_load_public_key): Allocate on heap
	rather than stack.
	(grub_verify_signature_real): Likewise.

4f84ae0e

12 Nov, 2013 1 commit
- * grub-core/commands/verify.c: Remove variable length arrays. · 1dcb2715
  Vladimir Serbinenko authored Nov 12, 2013
```
	Load gcry_dsa/gcry_rsa automatically.
```
  1dcb2715
03 Nov, 2013 1 commit
- * grub-core/commands/verify.c: Add RSA support. · 1106c3f0
  Vladimir Serbinenko authored Nov 03, 2013
  
  1106c3f0
22 Oct, 2013 1 commit
- Verify signatures of signatures unless --skip-sig is specified. · 0d711431
  Vladimir 'phcoder' Serbinenko authored Oct 22, 2013
  
  0d711431
05 Apr, 2013 1 commit
- * grub-core/commands/verify.c: Use GRUB_CHAR_BIT. · 52eab656
  Vladimir 'phcoder' Serbinenko authored Apr 05, 2013
  
  52eab656
03 Apr, 2013 1 commit
- * grub-core/commands/verify.c: Save verified file to avoid it being · 1a78d573
  Vladimir 'phcoder' Serbinenko authored Apr 03, 2013
```
	tampered with after verification was done.
```
  1a78d573
01 Apr, 2013 1 commit
- * grub-core/commands/verify.c: Fix hash algorithms values for · 40f1c000
  Andrey Borzenkov authored Apr 01, 2013
```
	the first three hashes - they start with 1, not with 0.
```
  40f1c000
20 Mar, 2013 1 commit
- * grub-core/commands/verify.c (hashes): Add several hashes · d7a6506e
  Vladimir 'phcoder' Serbinenko authored Mar 20, 2013
```
	from the spec.
```
  d7a6506e
11 Mar, 2013 1 commit
- * grub-core/commands/verify.c (grub_verify_signature): Use unsigned · d2789cf0
  Vladimir 'phcoder' Serbinenko authored Mar 10, 2013
```
	operations to have intended shifts and not divisions.
```
  d2789cf0
13 Jan, 2013 1 commit
- New command list_trusted. · adcc6020
  Vladimir 'phcoder' Serbinenko authored Jan 13, 2013
```
	* grub-core/commands/verify.c (grub_cmd_list): New function.
```
  adcc6020
12 Jan, 2013 2 commits
- * grub-core/commands/verify.c: Mark messages for translating. · f8e98fee
  Vladimir 'phcoder' Serbinenko authored Jan 12, 2013
  
  f8e98fee
- Import gcrypt public-key cryptography and implement signature checking. · 5e3b8dcb
  Vladimir 'phcoder' Serbinenko authored Jan 11, 2013
  
  5e3b8dcb