grub: add a fix for NULL pointer dereference

Add a fix for gnulib's regexec NULL pointer dereference. This patch a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Marta Rybczynska <rybczynska@gmail.com> 2022-02-18 11:05:19 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-03-02 00:21:36 +0000
commit: ba476f819f8c122d1d26222986a4a8a2966a6246 (patch)
tree: c1f33bb822d34897395f722169cee18b17ae1458 /meta/recipes-bsp
parent: ab977b3f498ecd0a0254de90f36bb00b98227929 (diff)
download: poky-ba476f819f8c122d1d26222986a4a8a2966a6246.tar.gz
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
new file mode 100644
index 0000000000..4f43fcf7d5
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
@@ -0,0 +1,53 @@
+From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 5 Nov 2020 10:57:14 +0000
+Subject: [PATCH] gnulib/regexec: Fix possible null-dereference
+It appears to be possible that the mctx->state_log field may be NULL,
+and the name of this function, clean_state_log_if_needed(), suggests
+that it should be checking that it is valid to be cleaned before
+assuming that it does.
+Fixes: CID 86720
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647]
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ conf/Makefile.extra-dist                             |  1 +
+ .../lib/gnulib-patches/fix-regexec-null-deref.patch  | 12 ++++++++++++
+ 2 files changed, 13 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 96d7e69..d27d3a9 100644
+--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
+@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+new file mode 100644
+index 0000000..db6dac9
+--- /dev/null
+++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+@@ -0,0 +1,12 @@
+--- a/lib/regexec.c    2020-10-21 14:25:35.310195912 +0000
++++ b/lib/regexec.c    2020-11-05 10:55:09.621542984 +0000
+@@ -1692,6 +1692,9 @@
+ {
+   Idx top = mctx->state_log_top;
+
++  if (mctx->state_log == NULL)
++    return REG_NOERROR;
++
+   if ((next_state_log_idx >= mctx->input.bufs_len
+        && mctx->input.bufs_len < mctx->input.len)
+       || (next_state_log_idx >= mctx->input.valid_len
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 94873475c1..e7168e75ea 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -57,6 +57,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://0008-gnulib-regexec-Resolve-unused-variable.patch \
           file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \
           file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \
+           file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \
           "
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
author	Marta Rybczynska <rybczynska@gmail.com>	2022-02-18 11:05:19 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-02 00:21:36 +0000
commit	ba476f819f8c122d1d26222986a4a8a2966a6246 (patch)
tree	c1f33bb822d34897395f722169cee18b17ae1458 /meta/recipes-bsp
parent	ab977b3f498ecd0a0254de90f36bb00b98227929 (diff)
download	poky-ba476f819f8c122d1d26222986a4a8a2966a6246.tar.gz

diff --git a/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch new file mode 100644 index 0000000000..4f43fcf7d5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
@@ -0,0 +1,53 @@
		1	From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001
		2	From: Darren Kenny <darren.kenny@oracle.com>
		3	Date: Thu, 5 Nov 2020 10:57:14 +0000
		4	Subject: [PATCH] gnulib/regexec: Fix possible null-dereference
		5
		6	It appears to be possible that the mctx->state_log field may be NULL,
		7	and the name of this function, clean_state_log_if_needed(), suggests
		8	that it should be checking that it is valid to be cleaned before
		9	assuming that it does.
		10
		11	Fixes: CID 86720
		12
		13	Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
		14	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		15
		16	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647]
		17	Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
		18	---
		19	conf/Makefile.extra-dist \| 1 +
		20	.../lib/gnulib-patches/fix-regexec-null-deref.patch \| 12 ++++++++++++
		21	2 files changed, 13 insertions(+)
		22	create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
		23
		24	diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
		25	index 96d7e69..d27d3a9 100644
		26	--- a/conf/Makefile.extra-dist
		27	+++ b/conf/Makefile.extra-dist
		28	@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
		29
		30	EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
		31	EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
		32	+EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
		33	EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
		34	EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
		35	EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
		36	diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
		37	new file mode 100644
		38	index 0000000..db6dac9
		39	--- /dev/null
		40	+++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
		41	@@ -0,0 +1,12 @@
		42	+--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000
		43	++++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000
		44	+@@ -1692,6 +1692,9 @@
		45	+ {
		46	+ Idx top = mctx->state_log_top;
		47	+
		48	++ if (mctx->state_log == NULL)
		49	++ return REG_NOERROR;
		50	++
		51	+ if ((next_state_log_idx >= mctx->input.bufs_len
		52	+ && mctx->input.bufs_len < mctx->input.len)
		53	+ \|\| (next_state_log_idx >= mctx->input.valid_len


diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 94873475c1..e7168e75ea 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -57,6 +57,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
57	file://0008-gnulib-regexec-Resolve-unused-variable.patch \	57	file://0008-gnulib-regexec-Resolve-unused-variable.patch \
58	file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \	58	file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \
59	file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \	59	file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \
		60	file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \
60	"	61	"
61	SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"	62	SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
62	SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"	63	SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"