grub-lakitu: BACKPORT: FROMGIT: malloc: Use overflow checking primitives where we do complex allocations

This attempts to fix the places where we do the following where
arithmetic_expr may include unvalidated data:

  X = grub_malloc(arithmetic_expr);

It accomplishes this by doing the arithmetic ahead of time using grub_add(),
grub_sub(), grub_mul() and testing for overflow before proceeding.

Among other issues, this fixes:
  - allocation of integer overflow in grub_video_bitmap_create()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_squash_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_ext2_read_symlink()
    reported by Chris Coulson,
  - allocation of integer overflow in read_section_as_string()
    reported by Chris Coulson.

Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream-commit-id: 5fb2befbf04
(cherry picked from commit b3dd39088e5b2efb190e33e2a0b71c9d1dc93118
 https://github.com/rhboot/grub2 fedora-31)
Signed-off-by: Robert Kolchmeyer <rkolchmeyer@google.com>

Conflicts:
 - grub-core/fs/btrfs.c: Adjusted context to match the headers that we
 have in this file
 - grub-core/loader/i386/bsd.c: Adjusted context to match the headers
 that we have in this file

BUG=b/162782466
TEST=shielded_vm_test

Change-Id: I06fca1da927c1922798d82e57e2942359935f453
23 files changed
tree: 155e848dbfa54d13dec2798db8936bc75e93e941
  1. OWNERS
  2. README
  3. grub-lakitu/