dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago
Clone

Blame SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch

80913e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
80913e
From: Marco A Benatto <mbenatto@redhat.com>
80913e
Date: Mon, 7 Dec 2020 11:53:03 -0300
80913e
Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from
80913e
 make_vg()
80913e
80913e
Several error handling paths in make_vg() do not free comp data before
80913e
jumping to fail2 label and returning from the function. This will leak
80913e
memory. So, let's fix all issues of that kind.
80913e
80913e
Fixes: CID 73804
80913e
80913e
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
80913e
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
80913e
---
80913e
 grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
80913e
 1 file changed, 44 insertions(+), 7 deletions(-)
80913e
80913e
diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
80913e
index 58f8a53e1ab..428415fac24 100644
80913e
--- a/grub-core/disk/ldm.c
80913e
+++ b/grub-core/disk/ldm.c
80913e
@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
80913e
 	      comp->segments = grub_calloc (comp->segment_alloc,
80913e
 					    sizeof (*comp->segments));
80913e
 	      if (!comp->segments)
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 	    }
80913e
 	  else
80913e
 	    {
80913e
@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
80913e
 	      comp->segment_count = 1;
80913e
 	      comp->segments = grub_malloc (sizeof (*comp->segments));
80913e
 	      if (!comp->segments)
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 	      comp->segments->start_extent = 0;
80913e
 	      comp->segments->extent_count = lv->size;
80913e
 	      comp->segments->layout = 0;
80913e
@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
80913e
 		  comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
80913e
 		}
80913e
 	      else
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->segments);
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 	      ptr += *ptr + 1;
80913e
 	      ptr++;
80913e
 	      if (!(vblk[i].flags & 0x10))
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->segments);
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 	      if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
80913e
 		  || ptr + *ptr + 1 >= vblk[i].dynamic
80913e
 		  + sizeof (vblk[i].dynamic))
80913e
 		{
80913e
+		  grub_free (comp->segments);
80913e
 		  grub_free (comp->internal_id);
80913e
 		  grub_free (comp);
80913e
 		  goto fail2;
80913e
@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
80913e
 	      if (ptr + *ptr + 1 >= vblk[i].dynamic
80913e
 		  + sizeof (vblk[i].dynamic))
80913e
 		{
80913e
+		  grub_free (comp->segments);
80913e
 		  grub_free (comp->internal_id);
80913e
 		  grub_free (comp);
80913e
 		  goto fail2;
80913e
@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
80913e
 	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
80913e
 						   sizeof (*comp->segments->nodes));
80913e
 	      if (!lv->segments->nodes)
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->segments);
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 	    }
80913e
 
80913e
 	  if (lv->segments->node_alloc == lv->segments->node_count)
80913e
@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
80913e
 
80913e
 	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
80913e
 		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->segments->nodes);
80913e
+		  grub_free (comp->segments);
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 
80913e
 	      t = grub_realloc (lv->segments->nodes, sz);
80913e
 	      if (!t)
80913e
-		goto fail2;
80913e
+		{
80913e
+		  grub_free (comp->segments->nodes);
80913e
+		  grub_free (comp->segments);
80913e
+		  grub_free (comp->internal_id);
80913e
+		  grub_free (comp);
80913e
+		  goto fail2;
80913e
+		}
80913e
 	      lv->segments->nodes = t;
80913e
 	    }
80913e
 	  lv->segments->nodes[lv->segments->node_count].pv = 0;