From: Jon McCune
To: grub-devel@gnu.org
Cc: Jon McCune
Subject: [PATCH v0] Fix double-free introduced by commit 33d02a42d64cf06cada1c389e5abba4b9d196cc5
Date: Fri, 13 Dec 2013 11:00:26 -0800
Message-Id: <1386961226-32061-1-git-send-email-jonmccune@google.com>

To reproduce the problem, make sure you have a GPG public key available, build and install GRUB:

    grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda

Sign all the files in /boot/grub/* and reboot.

I tested in a QEMU VM using an i386 target. I was *not* able to successfully test the changes to the compression routines with 'make check'. If somebody else could do that, it would be much appreciated.

Signed-off-by: Jon McCune
---
 grub-core/commands/verify.c | 1 +
 grub-core/io/gzio.c         | 1 +
 grub-core/io/lzopio.c       | 1 +
 grub-core/io/xzio.c         | 1 +
 grub-core/kern/file.c       | 1 +
 5 files changed, 5 insertions(+)

diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c index dbe7e83..e14e07c 100644 --- a/grub-core/commands/verify.c +++ b/grub-core/commands/verify.c @@ -885,6 +885,7 @@ grub_pubkey_open (grub_file_t io, const char *filename) if (err) return NULL; io->device = 0; + io->name = 0; grub_file_close (io); return ret; } diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c index 59ad6da..af222a8 100644 --- a/grub-core/io/gzio.c 
+++ b/grub-core/io/gzio.c @@ -1259,6 +1259,7 @@ grub_gzio_close (grub_file_t file) /* No need to close the same device twice. */ file->device = 0; + file->name = 0; return grub_errno; } diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c index 2895e21..0606d41 100644 --- a/grub-core/io/lzopio.c +++ b/grub-core/io/lzopio.c @@ -525,6 +525,7 @@ grub_lzopio_close (grub_file_t file) /* Device must not be closed twice. */ file->device = 0; + file->name = 0; return grub_errno; } diff --git a/grub-core/io/xzio.c b/grub-core/io/xzio.c index bcce242..10eb595 100644 --- a/grub-core/io/xzio.c +++ b/grub-core/io/xzio.c @@ -319,6 +319,7 @@ grub_xzio_close (grub_file_t file) /* Device must not be closed twice. */ file->device = 0; + file->name = 0; return grub_errno; } diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c index 24da12b..9083e4f 100644 --- a/grub-core/kern/file.c +++ b/grub-core/kern/file.c @@ -188,6 +188,7 @@ grub_file_close (grub_file_t file) if (file->device) grub_device_close (file->device); grub_free (file->name); + file->name = 0; grub_free (file); return grub_errno; } -- 1.8.5.1
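
Review bot: In grub_pubkey_open (grub-core/commands/verify.c), the two assignments ahead of `grub_file_close (io);` carry no comment saying why they are there. The kern/file.c hunk shows grub_file_close freeing file->name, so `io->name = 0;` is what stops that free, presumably because ret now refers to the same string; a one-line comment saying so, in the style of the "Device must not be closed twice" comments in the io/ filters, would keep a later cleanup from removing it. The unchanged `if (err) return NULL;` path just above does not touch io, so it is worth confirming which handle owns name on that path too.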
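
Review bot: In grub_gzio_close, grub_lzopio_close and grub_xzio_close, the comment above the added line still speaks only of the device ("No need to close the same device twice." / "Device must not be closed twice."), while `file->name = 0;` is about the name string being freed twice. Extend the comment to cover both fields so the pairing is obvious to the next reader. The cover letter says these three paths were not exercised with 'make check', so they need a test run before this is merged.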
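
Review bot: In grub_file_close (grub-core/kern/file.c), the added `file->name = 0;` sits between `grub_free (file->name);` and `grub_free (file);`, so the structure is released on the very next line and no valid later access can observe the store. It does not contribute to the fix and can be dropped; the protection comes from the callers clearing name before they call grub_file_close. That also means `grub_free (file->name);` is now routinely reached with a null pointer, which deserves a short comment at this spot.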