From: Jon McCune <jonmccune@google.com>
To: grub-devel@gnu.org
Cc: Jon McCune <jonmccune@google.com>
Subject: [PATCH v0] Fix double-free introduced by commit 33d02a42d64cf06cada1c389e5abba4b9d196cc5
Date: Fri, 13 Dec 2013 11:00:26 -0800
Message-ID: <1386961226-32061-1-git-send-email-jonmccune@google.com>
To reproduce the problem, make sure you have a GPG public key available, build and install GRUB:
grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda
Sign all the files in /boot/grub/* and reboot.
I tested in a QEMU VM using an i386 target. I was *not* able to successfully test the changes to the compression routines with 'make check'. If somebody else could do that, it would be much appreciated.
Signed-off-by: Jon McCune <jonmccune@google.com>
---
grub-core/commands/verify.c | 1 +
grub-core/io/gzio.c | 1 +
grub-core/io/lzopio.c | 1 +
grub-core/io/xzio.c | 1 +
grub-core/kern/file.c | 1 +
5 files changed, 5 insertions(+)
diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c
index dbe7e83..e14e07c 100644
--- a/grub-core/commands/verify.c
+++ b/grub-core/commands/verify.c
@@ -885,6 +885,7 @@ grub_pubkey_open (grub_file_t io, const char *filename)
if (err)
return NULL;
io->device = 0;
+ io->name = 0;
grub_file_close (io);
return ret;
}
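Review bot: the added `io->name = 0;` in grub_pubkey_open carries no comment saying who owns the name string after this point. The kern/file.c hunk shows grub_file_close calling `grub_free (file->name)`, so clearing the pointer here is only correct if `ret` holds the same pointer and frees it when it is closed; the lines shown here do not establish that. Please add a one-line comment stating that ownership of the name has moved to `ret`, and confirm that it has, since otherwise the double free becomes a leak.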
diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
index 59ad6da..af222a8 100644
--- a/grub-core/io/gzio.c
+++ b/grub-core/io/gzio.c
@@ -1259,6 +1259,7 @@ grub_gzio_close (grub_file_t file)
/* No need to close the same device twice. */
file->device = 0;
+ file->name = 0;
return grub_errno;
}
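Review bot: the comment above these assignments in grub_gzio_close ("No need to close the same device twice.") only explains `file->device = 0;`, while the new `file->name = 0;` is there for a different reason: to keep grub_file_close from calling grub_free on a name pointer that is released elsewhere. Extend the comment to cover both fields, for example "Device and name are shared with the underlying file and must not be released twice", so the next reader does not treat the second assignment as redundant.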
diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c
index 2895e21..0606d41 100644
--- a/grub-core/io/lzopio.c
+++ b/grub-core/io/lzopio.c
@@ -525,6 +525,7 @@ grub_lzopio_close (grub_file_t file)
/* Device must not be closed twice. */
file->device = 0;
+ file->name = 0;
return grub_errno;
}
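Review bot: this is the same two-line reset (`file->device = 0; file->name = 0;`) that the patch also places in grub_gzio_close and grub_xzio_close. Three hand-maintained copies of an ownership rule are easy to get out of step, which is how a field gets missed when the struct changes again. Consider a small shared helper that detaches the borrowed fields from a filter's file before it is closed, or at minimum use identical comment wording in all three places so they can be found with one search.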
diff --git a/grub-core/io/xzio.c b/grub-core/io/xzio.c
index bcce242..10eb595 100644
--- a/grub-core/io/xzio.c
+++ b/grub-core/io/xzio.c
@@ -319,6 +319,7 @@ grub_xzio_close (grub_file_t file)
/* Device must not be closed twice. */
file->device = 0;
+ file->name = 0;
return grub_errno;
}
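Review bot: the cover text says the compression routine changes could not be tested with 'make check', and this line in grub_xzio_close is one of them. The change is small, but it sits on the close path that every xz-compressed read goes through, so it should not go in on the strength of the verify.c reproduction alone. Please have the xzio, gzio and lzopio paths exercised (the existing compression tests, or a manual load of a compressed file in the same QEMU setup) and note the result in the commit message.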
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
index 24da12b..9083e4f 100644
--- a/grub-core/kern/file.c
+++ b/grub-core/kern/file.c
@@ -188,6 +188,7 @@ grub_file_close (grub_file_t file)
if (file->device)
grub_device_close (file->device);
grub_free (file->name);
+ file->name = 0;
grub_free (file);
return grub_errno;
}
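Review bot: `file->name = 0;` in grub_file_close sits between `grub_free (file->name);` and `grub_free (file);`, so the store lands in memory that is released on the very next line. It cannot prevent a second free of the name: any code that still reaches `file->name` after this function returns is already reading freed memory, and what it finds there is undefined. The actual fix is in the callers that clear the pointer before calling grub_file_close; I would drop this line, or, if it is meant as hardening, say so in a comment and note that it does not protect stale `file` pointers.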
--
1.8.5.1