diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2022-02-18 11:05:37 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-02 00:21:37 +0000 |
commit | bd3bda5d03504570b8f8520eb33d6806c407ef6f (patch) | |
tree | 4e928169f9948e29bc3fc942d6655e5b91f13598 | |
parent | 4c7bfa8abe03620105a207f74529e07b5ad4ae7d (diff) | |
download | poky-bd3bda5d03504570b8f8520eb33d6806c407ef6f.tar.gz |
grub: add a fix for a memory leak
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch | 52 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch new file mode 100644 index 0000000000..8a26e5bc5b --- /dev/null +++ b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 2367049d2021e00d82d19cee923e06a4b04ebc30 Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Kenny <darren.kenny@oracle.com> | ||
3 | Date: Fri, 4 Dec 2020 18:56:48 +0000 | ||
4 | Subject: [PATCH] normal/completion: Fix leaking of memory when processing a | ||
5 | completion | ||
6 | |||
7 | It is possible for the code to reach the end of the function without | ||
8 | freeing the memory allocated to argv and argc still to be 0. | ||
9 | |||
10 | We should always call grub_free(argv). The grub_free() will handle | ||
11 | a NULL argument correctly if it reaches that code without the memory | ||
12 | being allocated. | ||
13 | |||
14 | Fixes: CID 96672 | ||
15 | |||
16 | Signed-off-by: Darren Kenny <darren.kenny@oracle.com> | ||
17 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
18 | |||
19 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9213575b7a95b514bce80be5964a28d407d7d56d] | ||
20 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
21 | --- | ||
22 | grub-core/normal/completion.c | 10 ++++------ | ||
23 | 1 file changed, 4 insertions(+), 6 deletions(-) | ||
24 | |||
25 | diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c | ||
26 | index 5961028..46e473c 100644 | ||
27 | --- a/grub-core/normal/completion.c | ||
28 | +++ b/grub-core/normal/completion.c | ||
29 | @@ -400,8 +400,8 @@ char * | ||
30 | grub_normal_do_completion (char *buf, int *restore, | ||
31 | void (*hook) (const char *, grub_completion_type_t, int)) | ||
32 | { | ||
33 | - int argc; | ||
34 | - char **argv; | ||
35 | + int argc = 0; | ||
36 | + char **argv = NULL; | ||
37 | |||
38 | /* Initialize variables. */ | ||
39 | match = 0; | ||
40 | @@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore, | ||
41 | |||
42 | fail: | ||
43 | if (argc != 0) | ||
44 | - { | ||
45 | - grub_free (argv[0]); | ||
46 | - grub_free (argv); | ||
47 | - } | ||
48 | + grub_free (argv[0]); | ||
49 | + grub_free (argv); | ||
50 | grub_free (match); | ||
51 | grub_errno = GRUB_ERR_NONE; | ||
52 | |||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index c965f0fd15..1460e559b9 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -75,6 +75,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
75 | file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ | 75 | file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ |
76 | file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ | 76 | file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ |
77 | file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ | 77 | file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ |
78 | file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ | ||
78 | " | 79 | " |
79 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" | 80 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" |
80 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" | 81 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |