mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-27 03:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

grub: fix a dangling memory pointer

Browse Source 
This change fixes a dangling memory pointer in the grub TFTP code.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 17a06ced4ed9305e0a4064bdaad49e653c18284b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Marta Rybczynska
2022-02-18 11:05:11 +01:00
committed by Richard Purdie
parent 6b514d38b7
commit 058d20254f
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch Normal file
View File

@@ -0,0 +1,33 @@
From 09cc0df477758b60f51fbc0da1dee2f5d54c333d Mon Sep 17 00:00:00 2001
From: Darren Kenny <darren.kenny@oracle.com>
Date: Fri, 19 Feb 2021 17:12:23 +0000
Subject: [PATCH] net/tftp: Fix dangling memory pointer
The static code analysis tool, Parfait, reported that the valid of
file->data was left referencing memory that was freed by the call to
grub_free(data) where data was initialized from file->data.
To ensure that there is no unintentional access to this memory
referenced by file->data we should set the pointer to NULL.
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0cb838b281a68b536a09681f9557ea6a7ac5da7a]
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
grub-core/net/tftp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
index 7d90bf6..f76b19f 100644
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@@ -468,6 +468,7 @@ tftp_close (struct grub_file *file)
}
destroy_pq (data);
grub_free (data);
+ file->data = NULL;
return GRUB_ERR_NONE;
}

1
meta/recipes-bsp/grub/grub2.inc
View File

@@ -49,6 +49,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://CVE-2020-25647.patch \
file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \
file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \
file://0003-net-tftp-Fix-dangling-memory-pointer.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"