|
|
b1bcb2 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
c4e390 |
From: Alexey Makhalov <amakhalov@vmware.com>
|
|
|
c4e390 |
Date: Wed, 8 Jul 2020 21:30:43 +0000
|
|
|
b1bcb2 |
Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property()
|
|
|
c4e390 |
|
|
|
c4e390 |
grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
|
|
|
c4e390 |
allocated and freed in the caller.
|
|
|
c4e390 |
|
|
|
c4e390 |
Minor improvement: do prop fields initialization after memory allocations.
|
|
|
c4e390 |
|
|
|
c4e390 |
Fixes: CID 292442, CID 292457, CID 292460, CID 292466
|
|
|
c4e390 |
|
|
|
c4e390 |
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
|
|
c4e390 |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
c4e390 |
Upstream-commit-id: 4d5e2d13519
|
|
|
c4e390 |
---
|
|
|
c4e390 |
grub-core/loader/i386/xnu.c | 19 +++++++++----------
|
|
|
c4e390 |
1 file changed, 9 insertions(+), 10 deletions(-)
|
|
|
c4e390 |
|
|
|
c4e390 |
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
|
|
|
c4e390 |
index 875048e1353..424488a9f7c 100644
|
|
|
c4e390 |
--- a/grub-core/loader/i386/xnu.c
|
|
|
c4e390 |
+++ b/grub-core/loader/i386/xnu.c
|
|
|
c4e390 |
@@ -259,20 +259,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
|
|
|
c4e390 |
if (!prop)
|
|
|
c4e390 |
return grub_errno;
|
|
|
c4e390 |
|
|
|
c4e390 |
+ prop->data = grub_malloc (datalen);
|
|
|
c4e390 |
+ if (!prop->data)
|
|
|
c4e390 |
+ {
|
|
|
c4e390 |
+ grub_free (prop);
|
|
|
c4e390 |
+ return grub_errno;
|
|
|
c4e390 |
+ }
|
|
|
c4e390 |
+ grub_memcpy (prop->data, data, datalen);
|
|
|
c4e390 |
+
|
|
|
c4e390 |
prop->name = utf8;
|
|
|
c4e390 |
prop->name16 = utf16;
|
|
|
c4e390 |
prop->name16len = utf16len;
|
|
|
c4e390 |
-
|
|
|
c4e390 |
prop->length = datalen;
|
|
|
c4e390 |
- prop->data = grub_malloc (prop->length);
|
|
|
c4e390 |
- if (!prop->data)
|
|
|
c4e390 |
- {
|
|
|
c4e390 |
- grub_free (prop);
|
|
|
c4e390 |
- grub_free (prop->name);
|
|
|
c4e390 |
- grub_free (prop->name16);
|
|
|
c4e390 |
- return grub_errno;
|
|
|
c4e390 |
- }
|
|
|
c4e390 |
- grub_memcpy (prop->data, data, prop->length);
|
|
|
c4e390 |
+
|
|
|
c4e390 |
grub_list_push (GRUB_AS_LIST_P (&dev->properties),
|
|
|
c4e390 |
GRUB_AS_LIST (prop));
|
|
|
c4e390 |
return GRUB_ERR_NONE;
|