You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.3 KiB
38 lines
1.3 KiB
From fff5140620c52db3b7ebca5921d1d237b1dcc7ae Mon Sep 17 00:00:00 2001 |
|
From: Daniel Kiper <daniel.kiper@oracle.com> |
|
Date: Tue, 7 Jul 2020 15:36:26 +0200 |
|
Subject: [PATCH 305/336] font: Do not load more than one NAME section |
|
|
|
The GRUB font file can have one NAME section only. Though if somebody |
|
crafts a broken font file with many NAME sections and loads it then the |
|
GRUB leaks memory. So, prevent against that by loading first NAME |
|
section and failing in controlled way on following one. |
|
|
|
Reported-by: Chris Coulson <chris.coulson@canonical.com> |
|
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> |
|
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> |
|
Upstream-commit-id: 482814113dc |
|
--- |
|
grub-core/font/font.c | 6 ++++++ |
|
1 file changed, 6 insertions(+) |
|
|
|
diff --git a/grub-core/font/font.c b/grub-core/font/font.c |
|
index 71d3f78b88a..5ff5f438b40 100644 |
|
--- a/grub-core/font/font.c |
|
+++ b/grub-core/font/font.c |
|
@@ -532,6 +532,12 @@ grub_font_load (const char *filename) |
|
if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, |
|
sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) |
|
{ |
|
+ if (font->name != NULL) |
|
+ { |
|
+ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); |
|
+ goto fail; |
|
+ } |
|
+ |
|
font->name = read_section_as_string (§ion); |
|
if (!font->name) |
|
goto fail; |
|
-- |
|
2.26.2 |
|
|
|
|