Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:michael-chang:efi:grub:nx
grub2
0005-loader-i386-efi-linux-Avoid-a-use-after-fr...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0005-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch of Package grub2
From 42d0a343dd1a2d3f64b22d954366f018153b4f50 Mon Sep 17 00:00:00 2001 From: Chris Coulson <chris.coulson@canonical.com> Date: Mon, 2 May 2022 14:39:31 +0200 Subject: [PATCH 05/28] loader/i386/efi/linux: Avoid a use-after-free in the linuxefi loader In some error paths in grub_cmd_linux, the pointer to lh may be dereferenced after the buffer it points to has been freed. There aren't any security implications from this because nothing else uses the allocator after the buffer is freed and before the pointer is dereferenced, but fix it anyway. Signed-off-by: Chris Coulson <chris.coulson@canonical.com> (cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2) --- grub-core/loader/i386/efi/linux.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c index ca3435a88..fdf11085a 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -400,9 +400,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), if (file) grub_file_close (file); - if (kernel) - grub_free (kernel); - if (grub_errno != GRUB_ERR_NONE) { grub_dl_unref (my_mod); @@ -418,6 +415,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), kernel_free (params, sizeof(*params)); } + grub_free (kernel); + return grub_errno; } -- 2.42.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor