dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago
Clone

Blame SOURCES/0353-net-tftp-Fix-dangling-memory-pointer.patch

b1bcb2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b1bcb2
From: Darren Kenny <darren.kenny@oracle.com>
b1bcb2
Date: Fri, 19 Feb 2021 17:12:23 +0000
b1bcb2
Subject: [PATCH] net/tftp: Fix dangling memory pointer
b1bcb2
b1bcb2
The static code analysis tool, Parfait, reported that the valid of
b1bcb2
file->data was left referencing memory that was freed by the call to
b1bcb2
grub_free(data) where data was initialized from file->data.
b1bcb2
b1bcb2
To ensure that there is no unintentional access to this memory
b1bcb2
referenced by file->data we should set the pointer to NULL.
b1bcb2
b1bcb2
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
b1bcb2
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b1bcb2
---
b1bcb2
 grub-core/net/tftp.c | 1 +
b1bcb2
 1 file changed, 1 insertion(+)
b1bcb2
b1bcb2
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
b1bcb2
index b9a4b607a3d..aa0424dcee3 100644
b1bcb2
--- a/grub-core/net/tftp.c
b1bcb2
+++ b/grub-core/net/tftp.c
b1bcb2
@@ -444,6 +444,7 @@ tftp_close (struct grub_file *file)
b1bcb2
       grub_net_udp_close (data->sock);
b1bcb2
     }
b1bcb2
   grub_free (data);
b1bcb2
+  file->data = NULL;
b1bcb2
   return GRUB_ERR_NONE;
b1bcb2
 }
b1bcb2