1From 58ea11d5b9ca0966bd9c68d8ba5240cf7dc3ba83 Mon Sep 17 00:00:00 2001
2From: Daniel Axtens <dja@axtens.net>
3Date: Fri, 22 Jan 2021 18:13:56 +1100
4Subject: [PATCH] fs/hfsplus: Don't fetch a key beyond the end of the node
5
6Otherwise you get a wild pointer, leading to a bunch of invalid reads.
7Check it falls inside the given node.
8
9Signed-off-by: Daniel Axtens <dja@axtens.net>
10Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
11Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
12---
13 grub-core/fs/hfsplus.c | 4 ++++
14 1 file changed, 4 insertions(+)
15
16diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
17index 8fe7c12..1c7791b 100644
18--- a/grub-core/fs/hfsplus.c
19+++ b/grub-core/fs/hfsplus.c
20@@ -635,6 +635,10 @@ grub_hfsplus_btree_search (struct grub_hfsplus_btree *btree,
21 pointer = ((char *) currkey
22 + grub_be_to_cpu16 (currkey->keylen)
23 + 2);
24+
25+ if ((char *) pointer > node + btree->nodesize - 2)
26+ return grub_error (GRUB_ERR_BAD_FS, "HFS+ key beyond end of node");
27+
28 currnode = grub_be_to_cpu32 (grub_get_unaligned32 (pointer));
29 match = 1;
30 }
31--
322.14.2
33
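Review bot: The new bound in `grub_hfsplus_btree_search` still permits a two-byte overread, because it accepts `pointer` up to `node + btree->nodesize - 2` while the following line reads four bytes through `grub_get_unaligned32 (pointer)`. The margin should match the width of the read, e.g. `if ((char *) pointer > node + btree->nodesize - sizeof (grub_uint32_t))`. The error path also returns directly; the function body starts and ends outside this hunk, so it is not visible whether `node` is heap-allocated, but if it is, a `grub_free (node);` is needed before the `return`. A short comment above the check, such as `/* keylen is read from the filesystem image; the child node number must lie wholly inside the node buffer. */`, would record why it is there.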