installgrub can segfault when encountering bogus data on disk
Installgrub tries to read possibly existing grub stages from the disk before installing the new stages.
For some part of the data read from disk, it will try to compute and verify a checksum and then check the presence of a magic value. For the checksum calculation part, it relies on size information read from the disk. If that "size" happens to be some random large value, installgrub will read over the end of the buffer and segfault.
Verifying the magic values before attempting the checksum calculation helps here. It is very unlikely that the magic values are correct but the size is still bogus. While it would be possible to maliciously put such a combination on the disk, this should have no security impact besides crashing installgrub.
Updated by Hans Rosenfeld about 8 years ago
- calculate maximum size of extra data and use that in find_einfo()
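
The check ordering described in this report (magic first, then a size bounded by what the buffer can hold, then the checksum), as an added example that is not installgrub's code. The header layout, the `EX_MAGIC` placeholder, the additive checksum and the names `ex_find_info` and `ex_demo` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical on-disk layout, constructed for this example:
 * 7-byte magic, 4-byte LE payload size, 4-byte LE checksum, payload. */
#define EX_MAGIC     "EXMAGIC"	/* placeholder, not the real magic value */
#define EX_MAGIC_LEN 7
#define EX_HDR_LEN   (EX_MAGIC_LEN + 4 + 4)

static uint32_t rd32(const uint8_t *p) {
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	    (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint32_t sum32(const uint8_t *p, size_t n) {
	uint32_t s = 0;
	while (n-- > 0) s += *p++;
	return s;
}

/* Return the validated payload inside buf[0..buflen), or NULL. */
const uint8_t *ex_find_info(const uint8_t *buf, size_t buflen, size_t off) {
	if (off > buflen || buflen - off < EX_HDR_LEN)
		return NULL;		/* the header itself must fit */
	const uint8_t *hdr = buf + off;
	/* 1. Cheap check first: random disk data rarely carries the magic. */
	if (memcmp(hdr, EX_MAGIC, EX_MAGIC_LEN) != 0)
		return NULL;
	/* 2. Bound the on-disk size by what was actually read. */
	size_t max_size = buflen - off - EX_HDR_LEN;
	uint32_t size = rd32(hdr + EX_MAGIC_LEN);
	if (size > max_size)
		return NULL;
	/* 3. Only now walk 'size' bytes for the checksum. */
	const uint8_t *payload = hdr + EX_HDR_LEN;
	if (sum32(payload, size) != rd32(hdr + EX_MAGIC_LEN + 4))
		return NULL;
	return payload;
}

/* Constructed sample: 32-byte buffer, payload "abcd" (byte sum 394). */
int ex_demo(uint32_t size_field, int good_magic) {
	uint8_t buf[32] = {0};
	memcpy(buf, good_magic ? EX_MAGIC : "XXXXXXX", EX_MAGIC_LEN);
	for (int i = 0; i < 4; i++) { buf[7 + i] = (uint8_t)(size_field >> (8 * i)); buf[11 + i] = (uint8_t)(394u >> (8 * i)); }
	memcpy(buf + EX_HDR_LEN, "abcd", 4);
	return ex_find_info(buf, sizeof (buf), 0) != NULL;
}
```

The size bound in step 2 is what prevents the over-read even when the magic happens to match; the magic check alone only makes the bogus-size case unlikely.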