diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2022-02-18 11:05:19 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-02 00:21:36 +0000 |
commit | ba476f819f8c122d1d26222986a4a8a2966a6246 (patch) | |
tree | c1f33bb822d34897395f722169cee18b17ae1458 /meta/recipes-bsp | |
parent | ab977b3f498ecd0a0254de90f36bb00b98227929 (diff) | |
download | poky-ba476f819f8c122d1d26222986a4a8a2966a6246.tar.gz |
grub: add a fix for NULL pointer dereference
Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
-rw-r--r-- | meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch | 53 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch new file mode 100644 index 0000000000..4f43fcf7d5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Kenny <darren.kenny@oracle.com> | ||
3 | Date: Thu, 5 Nov 2020 10:57:14 +0000 | ||
4 | Subject: [PATCH] gnulib/regexec: Fix possible null-dereference | ||
5 | |||
6 | It appears to be possible that the mctx->state_log field may be NULL, | ||
7 | and the name of this function, clean_state_log_if_needed(), suggests | ||
8 | that it should be checking that it is valid to be cleaned before | ||
9 | assuming that it does. | ||
10 | |||
11 | Fixes: CID 86720 | ||
12 | |||
13 | Signed-off-by: Darren Kenny <darren.kenny@oracle.com> | ||
14 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
15 | |||
16 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647] | ||
17 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
18 | --- | ||
19 | conf/Makefile.extra-dist | 1 + | ||
20 | .../lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++ | ||
21 | 2 files changed, 13 insertions(+) | ||
22 | create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | ||
23 | |||
24 | diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist | ||
25 | index 96d7e69..d27d3a9 100644 | ||
26 | --- a/conf/Makefile.extra-dist | ||
27 | +++ b/conf/Makefile.extra-dist | ||
28 | @@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh | ||
29 | |||
30 | EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch | ||
31 | EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch | ||
32 | +EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | ||
33 | EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch | ||
34 | EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch | ||
35 | EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch | ||
36 | diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | ||
37 | new file mode 100644 | ||
38 | index 0000000..db6dac9 | ||
39 | --- /dev/null | ||
40 | +++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | ||
41 | @@ -0,0 +1,12 @@ | ||
42 | +--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000 | ||
43 | ++++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000 | ||
44 | +@@ -1692,6 +1692,9 @@ | ||
45 | + { | ||
46 | + Idx top = mctx->state_log_top; | ||
47 | + | ||
48 | ++ if (mctx->state_log == NULL) | ||
49 | ++ return REG_NOERROR; | ||
50 | ++ | ||
51 | + if ((next_state_log_idx >= mctx->input.bufs_len | ||
52 | + && mctx->input.bufs_len < mctx->input.len) | ||
53 | + || (next_state_log_idx >= mctx->input.valid_len | ||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 94873475c1..e7168e75ea 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -57,6 +57,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
57 | file://0008-gnulib-regexec-Resolve-unused-variable.patch \ | 57 | file://0008-gnulib-regexec-Resolve-unused-variable.patch \ |
58 | file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ | 58 | file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ |
59 | file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ | 59 | file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ |
60 | file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ | ||
60 | " | 61 | " |
61 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" | 62 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" |
62 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" | 63 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |