diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2022-02-18 11:05:46 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-02 00:21:37 +0000 |
commit | a558b15d7f5d49ce6f82969650315bc91ec81490 (patch) | |
tree | 6e758f2fe2809b63e73e70f966c098a45a14b10d /meta | |
parent | dfae695343213adbd6658664c0b030944adf7478 (diff) | |
download | poky-a558b15d7f5d49ce6f82969650315bc91ec81490.tar.gz |
grub: add a fix for a memory leak
This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch | 38 | ||||
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch new file mode 100644 index 0000000000..41f09a22fc --- /dev/null +++ b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From 0a4aa7c16f65cdfaa1013f0796afa929f8d6dc1a Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Kenny <darren.kenny@oracle.com> | ||
3 | Date: Thu, 26 Nov 2020 12:53:10 +0000 | ||
4 | Subject: [PATCH] loader/xnu: Fix memory leak | ||
5 | |||
6 | The code here is finished with the memory stored in name, but it only | ||
7 | frees it if there curvalue is valid, while it could actually free it | ||
8 | regardless. | ||
9 | |||
10 | The fix is a simple relocation of the grub_free() to before the test | ||
11 | of curvalue. | ||
12 | |||
13 | Fixes: CID 96646 | ||
14 | |||
15 | Signed-off-by: Darren Kenny <darren.kenny@oracle.com> | ||
16 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
17 | |||
18 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bcb59ece3263d118510c4440c4da0950f224bb7f] | ||
19 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
20 | --- | ||
21 | grub-core/loader/xnu.c | 2 +- | ||
22 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
23 | |||
24 | diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c | ||
25 | index 07232d2..b3029a8 100644 | ||
26 | --- a/grub-core/loader/xnu.c | ||
27 | +++ b/grub-core/loader/xnu.c | ||
28 | @@ -1388,9 +1388,9 @@ grub_xnu_fill_devicetree (void) | ||
29 | name[len] = 0; | ||
30 | |||
31 | curvalue = grub_xnu_create_value (curkey, name); | ||
32 | + grub_free (name); | ||
33 | if (!curvalue) | ||
34 | return grub_errno; | ||
35 | - grub_free (name); | ||
36 | |||
37 | data = grub_malloc (grub_strlen (var->value) + 1); | ||
38 | if (!data) | ||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 8b55afccbb..c9e7a06a3f 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -84,6 +84,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
84 | file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ | 84 | file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ |
85 | file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ | 85 | file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ |
86 | file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ | 86 | file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ |
87 | file://0038-loader-xnu-Fix-memory-leak.patch \ | ||
87 | " | 88 | " |
88 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" | 89 | SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" |
89 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" | 90 | SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |