[PATCH] Fix crash on http

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Fix crash on http
@ 2012-09-27 17:55 Gustavo Luiz Duarte
  2013-02-01 20:55 ` Vladimir 'φ-coder/phcoder' Serbinenko
  0 siblings, 1 reply; 4+ messages in thread
From: Gustavo Luiz Duarte @ 2012-09-27 17:55 UTC (permalink / raw)
  To: grub-devel


Don't free file->data on receiving FIN flag since it is used all over without
checking. http_close() will be called later to free that memory.
Downstream bug: http://bugzilla.redhat.com/show_bug.cgi?id=860834
---
 grub-core/net/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index a7542d1..a5f6f31 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -386,7 +386,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial)

   data->sock = grub_net_tcp_open (file->device->net->server,
                                  HTTP_PORT, http_receive,
-                                 http_err, http_err,
+                                 http_err, NULL,
                                  file);
   if (!data->sock)
     {
-- 
1.7.11.4



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] Fix crash on http
  2012-09-27 17:55 [PATCH] Fix crash on http Gustavo Luiz Duarte
@ 2013-02-01 20:55 ` Vladimir 'φ-coder/phcoder' Serbinenko
  0 siblings, 0 replies; 4+ messages in thread
From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2013-02-01 20:55 UTC (permalink / raw)
  To: grub-devel


[-- Attachment #1.1: Type: text/plain, Size: 1105 bytes --]

On 27.09.2012 19:55, Gustavo Luiz Duarte wrote:

> 
> Don't free file->data on receiving FIN flag since it is used all over without
> checking. http_close() will be called later to free that memory.
> Downstream bug: http://bugzilla.redhat.com/show_bug.cgi?id=860834

This patch of not just freeing fixes one instance of a more general
problem. Please try the attached patch

> ---
>  grub-core/net/http.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/grub-core/net/http.c b/grub-core/net/http.c
> index a7542d1..a5f6f31 100644
> --- a/grub-core/net/http.c
> +++ b/grub-core/net/http.c
> @@ -386,7 +386,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial)
> 
>    data->sock = grub_net_tcp_open (file->device->net->server,
>                                   HTTP_PORT, http_receive,
> -                                 http_err, http_err,
> +                                 http_err, NULL,
>                                   file);
>    if (!data->sock)
>      {



-- 
Regards
Vladimir 'φ-coder/phcoder' Serbinenko

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: http.diff --]
[-- Type: text/x-diff; name="http.diff", Size: 1283 bytes --]

=== modified file 'grub-core/net/http.c'
--- grub-core/net/http.c	2012-06-22 20:09:31 +0000
+++ grub-core/net/http.c	2013-01-28 09:27:26 +0000
@@ -157,9 +157,10 @@
 
   if (data->sock)
     grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT);
+  data->sock = 0;
   if (data->current_line)
     grub_free (data->current_line);
-  grub_free (data);
+  data->current_line = 0;
   file->device->net->eof = 1;
   file->device->net->stall = 1;
   if (file->size == GRUB_FILE_SIZE_UNKNOWN)
@@ -175,6 +176,12 @@
   http_data_t data = file->data;
   grub_err_t err;
 
+  if (!data->sock)
+    {
+      grub_netbuff_free (nb);
+      return GRUB_ERR_NONE;
+    }
+
   while (1)
     {
       char *ptr = (char *) nb->data;
@@ -432,7 +439,8 @@
   grub_err_t err;
   old_data = file->data;
   /* FIXME: Reuse socket?  */
-  grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT);
+  if (old_data->sock)
+    grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT);
   old_data->sock = 0;
 
   while (file->device->net->packs.first)
@@ -529,7 +537,8 @@
 
   if (!file->device->net->eof)
     file->device->net->stall = 0;
-  grub_net_tcp_unstall (data->sock);
+  if (data && data->sock)
+    grub_net_tcp_unstall (data->sock);
   return 0;
 }
 


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 294 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] Fix crash on http
@ 2019-09-17 15:44 Javier Martinez Canillas
  2019-09-18 12:24 ` Daniel Kiper
  0 siblings, 1 reply; 4+ messages in thread
From: Javier Martinez Canillas @ 2019-09-17 15:44 UTC (permalink / raw)
  To: grub-devel
  Cc: Gustavo Luiz Duarte, Javier Martinez Canillas,
	Vladimir Serbinenko, Daniel Kiper

From: Gustavo Luiz Duarte <gustavold@linux.vnet.ibm.com>

Don't free file->data on receiving FIN flag since it is used all over
without checking. http_close() will be called later to free that memory.

https://bugzilla.redhat.com/show_bug.cgi?id=860834

Signed-off-by: Gustavo Luiz Duarte <gustavold@linux.vnet.ibm.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---

 grub-core/net/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index 5aa4ad3befc..ec3647f9a0c 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -392,7 +392,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial)
 
   data->sock = grub_net_tcp_open (file->device->net->server,
 				  HTTP_PORT, http_receive,
-				  http_err, http_err,
+				  http_err, NULL,
 				  file);
   if (!data->sock)
     {
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] Fix crash on http
  2019-09-17 15:44 Javier Martinez Canillas
@ 2019-09-18 12:24 ` Daniel Kiper
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel Kiper @ 2019-09-18 12:24 UTC (permalink / raw)
  To: Javier Martinez Canillas
  Cc: grub-devel, Gustavo Luiz Duarte, Vladimir Serbinenko

On Tue, Sep 17, 2019 at 05:44:58PM +0200, Javier Martinez Canillas wrote:
> From: Gustavo Luiz Duarte <gustavold@linux.vnet.ibm.com>
>
> Don't free file->data on receiving FIN flag since it is used all over
> without checking. http_close() will be called later to free that memory.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=860834
>
> Signed-off-by: Gustavo Luiz Duarte <gustavold@linux.vnet.ibm.com>
> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

If there are no objections I will push that patch, together with the
patches reviewed this week and earlier, on the beginning of next week.
Well, sounds weird but I hope that you know what I mean... :-)))

Daniel


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-09-18 12:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-27 17:55 [PATCH] Fix crash on http Gustavo Luiz Duarte
2013-02-01 20:55 ` Vladimir 'φ-coder/phcoder' Serbinenko
  -- strict thread matches above, loose matches on Subject: below --
2019-09-17 15:44 Javier Martinez Canillas
2019-09-18 12:24 ` Daniel Kiper

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.