summaryrefslogtreecommitdiffstats
path: root/meta/recipes-bsp
diff options
context:
space:
mode:
authorMarta Rybczynska <rybczynska@gmail.com>2022-02-18 11:05:53 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-03-02 00:21:37 +0000
commit7fae28df197f4923c4ba3ee22d00f882d5ecf136 (patch)
tree434fe25644fd4b7e8f647d8cc98aa226b795c7c3 /meta/recipes-bsp
parent8d050d1e45aa7e822c9b92c15506669038068b33 (diff)
downloadpoky-7fae28df197f4923c4ba3ee22d00f882d5ecf136.tar.gz
grub: avoid a NULL pointer dereference
This patch adds a fix for a NULL pointer dereference in grub's commands/ls. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
-rw-r--r--meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch33
-rw-r--r--meta/recipes-bsp/grub/grub2.inc1
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch
new file mode 100644
index 0000000000..5a327fe1d2
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch
@@ -0,0 +1,33 @@
1From dd82f98fa642907817f59aeaf3761b786898df85 Mon Sep 17 00:00:00 2001
2From: Daniel Axtens <dja@axtens.net>
3Date: Mon, 11 Jan 2021 16:57:37 +1100
4Subject: [PATCH] commands/ls: Require device_name is not NULL before printing
5
6This can be triggered with:
7 ls -l (0 0*)
8and causes a NULL deref in grub_normal_print_device_info().
9
10I'm not sure if there's any implication with the IEEE 1275 platform.
11
12Signed-off-by: Daniel Axtens <dja@axtens.net>
13Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
14
15Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6afbe6063c95b827372f9ec310c9fc7461311eb1]
16Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
17---
18 grub-core/commands/ls.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c
22index 5b7491a..326d2d6 100644
23--- a/grub-core/commands/ls.c
24+++ b/grub-core/commands/ls.c
25@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human)
26 goto fail;
27 }
28
29- if (! *path)
30+ if (! *path && device_name)
31 {
32 if (grub_errno == GRUB_ERR_UNKNOWN_FS)
33 grub_errno = GRUB_ERR_NONE;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 84b8b8d1be..0454b09d52 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -91,6 +91,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
91 file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ 91 file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \
92 file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ 92 file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \
93 file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ 93 file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
94 file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
94 " 95 "
95SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" 96SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
96SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" 97SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-25 13:38:28 +0000