File 0005-tftp-fix-memory-leaks-in-open.patch of Package grub2.3460
From 77002c65d3532384682dd1ac861f4349089c5704 Mon Sep 17 00:00:00 2001
From: Andrei Borzenkov <arvidjaar@gmail.com>
Date: Sat, 16 Jan 2016 21:27:57 +0300
Subject: [PATCH] tftp: fix memory leaks in open
If protocol open fails, file is immediately freed, so data was leaked.
Found by: Coverity scan.
CID: 96659
---
grub-core/net/tftp.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
Index: grub-2.02~beta2/grub-core/net/tftp.c
===================================================================
--- grub-2.02~beta2.orig/grub-core/net/tftp.c
+++ grub-2.02~beta2/grub-core/net/tftp.c
@@ -326,7 +326,10 @@ tftp_open (struct grub_file *file, const
grub_netbuff_reserve (&nb, 1500);
err = grub_netbuff_push (&nb, sizeof (*tftph));
if (err)
- return err;
+ {
+ grub_free (data);
+ return err;
+ }
tftph = (struct tftphdr *) nb.data;
@@ -361,19 +364,26 @@ tftp_open (struct grub_file *file, const
err = grub_netbuff_unput (&nb, nb.tail - (nb.data + hdrlen));
if (err)
- return err;
+ {
+ grub_free (data);
+ return err;
+ }
file->not_easily_seekable = 1;
file->data = data;
data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
if (!data->pq)
- return grub_errno;
+ {
+ grub_free (data);
+ return grub_errno;
+ }
err = grub_net_resolve_address (file->device->net->server, &addr);
if (err)
{
destroy_pq (data);
+ grub_free (data);
return err;
}
@@ -383,6 +393,7 @@ tftp_open (struct grub_file *file, const
if (!data->sock)
{
destroy_pq (data);
+ grub_free (data);
return grub_errno;
}
@@ -396,6 +407,7 @@ tftp_open (struct grub_file *file, const
{
grub_net_udp_close (data->sock);
destroy_pq (data);
+ grub_free (data);
return err;
}
grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION),
@@ -412,6 +424,7 @@ tftp_open (struct grub_file *file, const
{
grub_net_udp_close (data->sock);
destroy_pq (data);
+ grub_free (data);
return grub_errno;
}