From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1Re2mG-0005GN-HR for mharc-grub-devel@gnu.org; Fri, 23 Dec 2011 05:55:04 -0500 Received: from eggs.gnu.org ([140.186.70.92]:36133) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Re2mA-0005Et-TM for grub-devel@gnu.org; Fri, 23 Dec 2011 05:55:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Re2m6-0006cn-UW for grub-devel@gnu.org; Fri, 23 Dec 2011 05:54:58 -0500 Received: from mail-ww0-f49.google.com ([74.125.82.49]:34827) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Re2m6-0006cj-Nj for grub-devel@gnu.org; Fri, 23 Dec 2011 05:54:54 -0500 Received: by wgbdt11 with SMTP id dt11so13786484wgb.30 for ; Fri, 23 Dec 2011 02:54:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=xEP5XAuKG254+mIxoMg9WmKl2W1BOv15L4oy8sISUWE=; b=Gxebch3e3uGY/mY4cP8BI5hg0mXvuNanynZg2si4M1708QAqKKiOPjYGLTlSIFaEP3 8XulBZq/1qcOFplSlNnd9ayygtqZIlvuDm24yJ5dbcFzEMbYIFfo4mZyeXsDH+wnF13+ wp4QElMdYM5tCK9WiMvsIZpucTwIGUzKO0pEc= Received: by 10.227.202.211 with SMTP id ff19mr14007455wbb.15.1324637693917; Fri, 23 Dec 2011 02:54:53 -0800 (PST) Received: from debian.x201.phnet (77-234.197-178.cust.bluewin.ch. [178.197.234.77]) by mx.google.com with ESMTPS id ep16sm13128584wbb.21.2011.12.23.02.54.51 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 23 Dec 2011 02:54:52 -0800 (PST) Message-ID: <4EF45DF9.9070606@gmail.com> Date: Fri, 23 Dec 2011 11:54:49 +0100 From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?= User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16 MIME-Version: 1.0 To: grub-devel@gnu.org Subject: Re: [PATCH] net/route: Fix NULL pointer dereference when deleting last route References: <1323164525.576940.462296647323.1.gpush@pororo> In-Reply-To: <1323164525.576940.462296647323.1.gpush@pororo> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 74.125.82.49 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Dec 2011 10:55:02 -0000 On 06.12.2011 10:42, Jeremy Kerr wrote: > Currently, grub_cmd_delroute will crash when deleting the last route. > In the deletion code, we remove the matching route from the route list: > > *prev = route->next > > - route->next being NULL to mark the end of the list. We then process > the for loop's iterator, which contains: > > prev =&((*prev)->next) > > ie, > > prev = NULL->next; > > Instead, break out of the for-loop when we've deleted the route. > > * grub-core/net/net.c (grub_cmd_delroute): fix NULL deref when deleting > last route Bug is real but fix is wrong. Committed the right fix. > --- > grub-core/net/net.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/grub-core/net/net.c b/grub-core/net/net.c > index 09acea9..cafec41 100644 > --- a/grub-core/net/net.c > +++ b/grub-core/net/net.c > @@ -430,6 +430,7 @@ grub_cmd_delroute (struct grub_command *cmd __attribute__ ((unused)), > *prev = route->next; > grub_free (route->name); > grub_free (route); > + break; > } > > return GRUB_ERR_NONE; > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > -- Regards Vladimir 'φ-coder/phcoder' Serbinenko