1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Hector Marco-Gisbert <hecmargi@upv.es>
3 Date: Fri, 13 Nov 2015 16:21:09 +0100
4 Subject: [PATCH] Fix security issue when reading username and password
6 This patch fixes two integer underflows at:
7 * grub-core/lib/crypto.c
8 * grub-core/normal/auth.c
10 Resolves: CVE-2015-8370
12 Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
13 Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
15 grub-core/lib/crypto.c | 2 +-
16 grub-core/normal/auth.c | 2 +-
17 2 files changed, 2 insertions(+), 2 deletions(-)
19 --- a/grub-core/lib/crypto.c
20 +++ b/grub-core/lib/crypto.c
21 @@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned
26 + if (key == '\b' && cur_len)
30 --- a/grub-core/normal/auth.c
31 +++ b/grub-core/normal/auth.c
32 @@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned
37 + if (key == '\b' && cur_len)