mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-29 09:32:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

grub: avoid a memory leak

Browse Source 
This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 265baabc6e7ce4962c22489158dba113e0d74b91)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Marta Rybczynska
2022-02-18 11:05:47 +01:00
committed by Richard Purdie
parent a558b15d7f
commit 11b10eac41
2 changed files with 78 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch Normal file
View File

@@ -0,0 +1,77 @@
From 81117a77a9e945ee5e7c1f12bd5667e2a16cbe32 Mon Sep 17 00:00:00 2001
From: Marco A Benatto <mbenatto@redhat.com>
Date: Mon, 30 Nov 2020 12:18:24 -0300
Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in
grub_xnu_writetree_toheap()
... to avoid memory leaks.
Fixes: CID 96640
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4b4027b6b1c877d7ab467896b04c7bd1aadcfa15]
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
grub-core/loader/xnu.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
index b3029a8..39ceff8 100644
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@@ -224,26 +224,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
if (! memorymap)
return grub_errno;
- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey));
+ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey));
if (! driverkey)
return grub_errno;
driverkey->name = grub_strdup ("DeviceTree");
if (! driverkey->name)
- return grub_errno;
+ {
+ err = grub_errno;
+ goto fail;
+ }
+
driverkey->datasize = sizeof (*extdesc);
driverkey->next = memorymap->first_child;
memorymap->first_child = driverkey;
driverkey->data = extdesc
= (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc));
if (! driverkey->data)
- return grub_errno;
+ {
+ err = grub_errno;
+ goto fail;
+ }
/* Allocate the space based on the size with dummy value. */
*size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/");
err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE),
&src, target);
if (err)
- return err;
+ goto fail;
/* Put real data in the dummy. */
extdesc->addr = *target;
@@ -252,6 +259,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
/* Write the tree to heap. */
grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/");
return GRUB_ERR_NONE;
+
+ fail:
+ memorymap->first_child = NULL;
+
+ grub_free (driverkey->data);
+ grub_free (driverkey->name);
+ grub_free (driverkey);
+
+ return err;
}
/* Find a key or value in parent key. */

1
meta/recipes-bsp/grub/grub2.inc
View File

@@ -85,6 +85,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \
file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \
file://0038-loader-xnu-Fix-memory-leak.patch \
file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"