[PATCH] commands/file: Fix null dereference in the knetbsd tests

[PATCH] commands/file: Fix null dereference in the knetbsd tests

[Glenn Washburn]

From: Lukas Fink <lukas.fink1@gmail.com>

The pointer returned by grub_elf_file() is not checked to verify it is not
null before use. A null pointer may be returned when the given file does
not have a valid ELF header.

Fixes: https://savannah.gnu.org/bugs/?61960
Signed-off-by: Lukas Fink <lukas.fink1@gmail.com>
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 grub-core/commands/file.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/grub-core/commands/file.c b/grub-core/commands/file.c
index 7c13e976b505..19602d75786b 100644
--- a/grub-core/commands/file.c
+++ b/grub-core/commands/file.c
@@ -306,6 +306,8 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
 
 	elf = grub_elf_file (file, file->name);
 
+	if (elf == NULL)
+	  break;
 	if (elf->ehdr.ehdr32.e_type != grub_cpu_to_le16_compile_time (ET_EXEC)
 	    || elf->ehdr.ehdr32.e_ident[EI_DATA] != ELFDATA2LSB)
 	  break;
-- 
2.34.1


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH] commands/file: Fix null dereference in the knetbsd tests

[Ross Philipson via Grub-devel]

On 1/5/25 12:24 AM, Glenn Washburn wrote:
> From: Lukas Fink <lukas.fink1@gmail.com>
> 
> The pointer returned by grub_elf_file() is not checked to verify it is not
> null before use. A null pointer may be returned when the given file does
> not have a valid ELF header.

Indeed or for a number of other reasons. Also other places in the switch 
check if elf == NULL.

Reviewed-by: Ross Philipson <ross.philipson@oracle.com>

> 
> Fixes: https://urldefense.com/v3/__https://savannah.gnu.org/bugs/?61960__;!!ACWV5N9M2RV99hQ!L8SmY4a1GhbF_jVSw1PgVVFTw85_c8-DzevGhhPXEAKZLBZhWQ7SbtR_O2rbR-lveEUY8m7Cws9K8J_FRnsDwnLMzXoo$
> Signed-off-by: Lukas Fink <lukas.fink1@gmail.com>
> Signed-off-by: Glenn Washburn <development@efficientek.com>
> ---
>   grub-core/commands/file.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/grub-core/commands/file.c b/grub-core/commands/file.c
> index 7c13e976b505..19602d75786b 100644
> --- a/grub-core/commands/file.c
> +++ b/grub-core/commands/file.c
> @@ -306,6 +306,8 @@ grub_cmd_file (grub_extcmd_context_t ctxt, int argc, char **args)
>   
>   	elf = grub_elf_file (file, file->name);
>   
> +	if (elf == NULL)
> +	  break;
>   	if (elf->ehdr.ehdr32.e_type != grub_cpu_to_le16_compile_time (ET_EXEC)
>   	    || elf->ehdr.ehdr32.e_ident[EI_DATA] != ELFDATA2LSB)
>   	  break;


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH] commands/file: Fix null dereference in the knetbsd tests

[Daniel Kiper]

On Tue, Jan 14, 2025 at 12:46:08PM -0800, Ross Philipson via Grub-devel wrote:
> On 1/5/25 12:24 AM, Glenn Washburn wrote:
> > From: Lukas Fink <lukas.fink1@gmail.com>
> >
> > The pointer returned by grub_elf_file() is not checked to verify it is not
> > null before use. A null pointer may be returned when the given file does
> > not have a valid ELF header.
>
> Indeed or for a number of other reasons. Also other places in the switch
> check if elf == NULL.
>
> Reviewed-by: Ross Philipson <ross.philipson@oracle.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel