Головна сторінка Огляд Довідка
Увійти
PUBLIC_REPOS
/
buildroot
дзеркало git://git.buildroot.net/buildroot
2
1
Відгалуження 0
Файли
Дерево: ded3e0045a
Гілки Теги
buildroot
/
boot
/
grub2
/
0033-commands-pgp-Unregister-the-check_signatures-hooks-o.patch

0033-commands-pgp-Unregister-the-check_signatures-hooks-o.patch 1.1 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536 
  1. From c05c4d591ef5f21fefd95fc928fe123a12f2bfb0 Mon Sep 17 00:00:00 2001
    2. 

  2. From: B Horn <b@horn.uk>
    3. 

  3. Date: Fri, 1 Nov 2024 19:24:29 +0000
    4. 

  4. Subject: [PATCH] commands/pgp: Unregister the "check_signatures" hooks on
    5. 

  5.  module unload
    6. 

  6. 

  7. If the hooks are not removed they can be called after the module has
    8. 

  8. been unloaded leading to an use-after-free.
    9. 

  9. 

  10. Fixes: CVE-2025-0622
    11. 

  11. 

  12. Reported-by: B Horn <b@horn.uk>
    13. 

  13. Signed-off-by: B Horn <b@horn.uk>
    14. 

  14. Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
    15. 

  15. Upstream: 2123c5bca7e21fbeb0263df4597ddd7054700726
    16. 

  16. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    17. 

  17. ---
    18. 

  18.  grub-core/commands/pgp.c | 2 ++
    19. 

  19.  1 file changed, 2 insertions(+)
    20. 

  20. 

  21. diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
    22. 

  22. index c6766f044..5fadc33c4 100644
    23. 

  23. --- a/grub-core/commands/pgp.c
    24. 

  24. +++ b/grub-core/commands/pgp.c
    25. 

  25. @@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
    26. 

  26.  
    27. 

  27.  GRUB_MOD_FINI(pgp)
    28. 

  28.  {
    29. 

  29. +  grub_register_variable_hook ("check_signatures", NULL, NULL);
    30. 

  30. +  grub_env_unset ("check_signatures");
    31. 

  31.    grub_verifier_unregister (&grub_pubkey_verifier);
    32. 

  32.    grub_unregister_extcmd (cmd);
    33. 

  33.    grub_unregister_extcmd (cmd_trust);
    34. 

  34. -- 
    35. 

  35. 2.50.1
    36. 

  36.