From: Daniel Axtens <d...@axtens.net>

Otherwise you get a wild pointer, leading to a bunch of invalid reads.
Check it falls inside the given node.

Signed-off-by: Daniel Axtens <d...@axtens.net>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
---
 grub-core/fs/hfsplus.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
index 8fe7c12ed..1c7791b02 100644
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@@ -635,6 +635,10 @@ grub_hfsplus_btree_search (struct grub_hfsplus_btree 
*btree,
              pointer = ((char *) currkey
                         + grub_be_to_cpu16 (currkey->keylen)
                         + 2);
+
+             if ((char *) pointer > node + btree->nodesize - 2)
+               return grub_error (GRUB_ERR_BAD_FS, "HFS+ key beyond end of 
node");
+
              currnode = grub_be_to_cpu32 (grub_get_unaligned32 (pointer));
              match = 1;
            }
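Review bot: The bound in the added check, node + btree->nodesize - 2, leaves room for only 2 bytes, but the very next line reads 4 bytes with grub_get_unaligned32 (pointer). Assuming btree->nodesize is the byte length of the buffer at node, a pointer equal to node + btree->nodesize - 2 passes the check and the 32-bit read still runs 2 bytes past the end of the node. Comparing against node + btree->nodesize - 4, or against the size of the value actually read, would close that gap. Separately, the hunk does not show how node is obtained. If it is allocated in this function, the new early return should release it before calling grub_error, so that a malformed filesystem cannot trigger a leak on every lookup. A short comment noting that the + 2 accounts for the keylen field would also make the arithmetic in the check easier to audit.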
-- 
2.11.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
