From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1U1Niw-0005kD-5S for mharc-grub-devel@gnu.org; Fri, 01 Feb 2013 16:00:38 -0500 Received: from eggs.gnu.org ([208.118.235.92]:52293) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1U1NfJ-0004C0-F0 for grub-devel@gnu.org; Fri, 01 Feb 2013 16:00:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1U1NeF-0004kJ-CI for grub-devel@gnu.org; Fri, 01 Feb 2013 15:56:53 -0500 Received: from mail-ee0-f49.google.com ([74.125.83.49]:50372) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1U1NeF-0004j6-4p for grub-devel@gnu.org; Fri, 01 Feb 2013 15:55:47 -0500 Received: by mail-ee0-f49.google.com with SMTP id d4so2201411eek.36 for ; Fri, 01 Feb 2013 12:55:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; bh=zY0IHBFtBZKyjxg1P95gfSHY1iKiQo3d2azKGTUB0C0=; b=s/mO6U0BB8Em7m1GJF/GRp+Wi+IftOpqtyaCZv0ezmGmhPQh6/wjITCRbNknRFeGs4 n71Lmrcs0AEWiw6zcW8m8s9O4+xVeTTfA2U5h9zBiTpbI5KDlqT4XnrXsARo1z6w1tpE DiPc5Dr/uPieeVv4ZhjxhRlWKOYBqXKLshcJ6I4B9HbDtll3Y2N5d/xQCcniWUojfkS+ 75W++Y2xoBW2mfGV33aJ8YVB6Rl5DwFyMYpoi21xHYpFlsNS6LdXk9KcN+w4Skto6Yeh OIyrnht7JWGsjVWz+SUoEadsduJDIC1nHLqL6pBJk08q6ZhiXDhwxgYQRyuwqBUtEu/t 1I2w== X-Received: by 10.14.201.69 with SMTP id a45mr42623301eeo.43.1359752145661; Fri, 01 Feb 2013 12:55:45 -0800 (PST) Received: from debian.x201.phnet (vpn-global-dhcp2-136.ethz.ch. [129.132.209.136]) by mx.google.com with ESMTPS id 46sm14337593eeg.4.2013.02.01.12.55.43 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 01 Feb 2013 12:55:44 -0800 (PST) Message-ID: <510C2BCD.4020803@gmail.com> Date: Fri, 01 Feb 2013 21:55:41 +0100 From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.11) Gecko/20121122 Icedove/10.0.11 MIME-Version: 1.0 To: grub-devel@gnu.org Subject: Re: [PATCH] Fix crash on http References: <50649314.10406@linux.vnet.ibm.com> In-Reply-To: <50649314.10406@linux.vnet.ibm.com> X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigF260D84B3AA5638E2C4C01C7" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-Received-From: 74.125.83.49 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Feb 2013 21:00:37 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigF260D84B3AA5638E2C4C01C7 Content-Type: multipart/mixed; boundary="------------080301020201060500090003" This is a multi-part message in MIME format. --------------080301020201060500090003 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 27.09.2012 19:55, Gustavo Luiz Duarte wrote: >=20 > Don't free file->data on receiving FIN flag since it is used all over w= ithout > checking. http_close() will be called later to free that memory. > Downstream bug: http://bugzilla.redhat.com/show_bug.cgi?id=3D860834 This patch of not just freeing fixes one instance of a more general problem. Please try the attached patch > --- > grub-core/net/http.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/grub-core/net/http.c b/grub-core/net/http.c > index a7542d1..a5f6f31 100644 > --- a/grub-core/net/http.c > +++ b/grub-core/net/http.c > @@ -386,7 +386,7 @@ http_establish (struct grub_file *file, grub_off_t = offset, int initial) >=20 > data->sock =3D grub_net_tcp_open (file->device->net->server, > HTTP_PORT, http_receive, > - http_err, http_err, > + http_err, NULL, > file); > if (!data->sock) > { --=20 Regards Vladimir '=CF=86-coder/phcoder' Serbinenko --------------080301020201060500090003 Content-Type: text/x-diff; name="http.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="http.diff" =3D=3D=3D modified file 'grub-core/net/http.c' --- grub-core/net/http.c 2012-06-22 20:09:31 +0000 +++ grub-core/net/http.c 2013-01-28 09:27:26 +0000 @@ -157,9 +157,10 @@ =20 if (data->sock) grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); + data->sock =3D 0; if (data->current_line) grub_free (data->current_line); - grub_free (data); + data->current_line =3D 0; file->device->net->eof =3D 1; file->device->net->stall =3D 1; if (file->size =3D=3D GRUB_FILE_SIZE_UNKNOWN) @@ -175,6 +176,12 @@ http_data_t data =3D file->data; grub_err_t err; =20 + if (!data->sock) + { + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + } + while (1) { char *ptr =3D (char *) nb->data; @@ -432,7 +439,8 @@ grub_err_t err; old_data =3D file->data; /* FIXME: Reuse socket? */ - grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT); + if (old_data->sock) + grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT); old_data->sock =3D 0; =20 while (file->device->net->packs.first) @@ -529,7 +537,8 @@ =20 if (!file->device->net->eof) file->device->net->stall =3D 0; - grub_net_tcp_unstall (data->sock); + if (data && data->sock) + grub_net_tcp_unstall (data->sock); return 0; } =20 --------------080301020201060500090003-- --------------enigF260D84B3AA5638E2C4C01C7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREKAAYFAlEMK80ACgkQNak7dOguQgmkKgD9F6GPjGwgaEn1VfJgyid3aSeH Vu7WWToS16AmPpPZSKcBAJzyrB3OT23gxY7kcz2RvwhOmotq6uzuerwBPxzDiFGJ =2J/n -----END PGP SIGNATURE----- --------------enigF260D84B3AA5638E2C4C01C7--