dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago
Clone

Blame SOURCES/0401-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch

9723a8
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
9723a8
From: Daniel Axtens <dja@axtens.net>
9723a8
Date: Thu, 21 Jan 2021 18:35:22 +1100
9723a8
Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found
9723a8
9723a8
Clean up a bunch of cases where we could have strstr() fail and lead to
9723a8
us dereferencing NULL.
9723a8
9723a8
We'll still leak memory in some cases (loops don't clean up allocations
9723a8
from earlier iterations if a later iteration fails) but at least we're
9723a8
not crashing.
9723a8
9723a8
Signed-off-by: Daniel Axtens <dja@axtens.net>
9723a8
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
9723a8
---
9723a8
 grub-core/disk/lvm.c | 22 +++++++++++++++++-----
9723a8
 1 file changed, 17 insertions(+), 5 deletions(-)
9723a8
9723a8
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
9723a8
index 1e80137c452..03587e744dc 100644
9723a8
--- a/grub-core/disk/lvm.c
9723a8
+++ b/grub-core/disk/lvm.c
9723a8
@@ -541,7 +541,16 @@ error_parsing_metadata:
9723a8
 			}
9723a8
 
9723a8
 		      if (seg->node_count != 1)
9723a8
-			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
9723a8
+			{
9723a8
+			  seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
9723a8
+			  if (p == NULL)
9723a8
+			    {
9723a8
+#ifdef GRUB_UTIL
9723a8
+			      grub_util_info ("unknown stripe_size");
9723a8
+#endif
9723a8
+			      goto lvs_segment_fail;
9723a8
+			    }
9723a8
+			}
9723a8
 
9723a8
 		      seg->nodes = grub_calloc (seg->node_count,
9723a8
 						sizeof (*stripe));
9723a8
@@ -561,7 +570,7 @@ error_parsing_metadata:
9723a8
 			{
9723a8
 			  p = grub_strchr (p, '"');
9723a8
 			  if (p == NULL)
9723a8
-			    continue;
9723a8
+			    goto lvs_segment_fail2;
9723a8
 			  q = ++p;
9723a8
 			  while (*q != '"')
9723a8
 			    q++;
9723a8
@@ -580,7 +589,10 @@ error_parsing_metadata:
9723a8
 			  stripe->start = grub_lvm_getvalue (&p, ",")
9723a8
 			    * vg->extent_size;
9723a8
 			  if (p == NULL)
9723a8
-			    continue;
9723a8
+			    {
9723a8
+			      grub_free (stripe->name);
9723a8
+			      goto lvs_segment_fail2;
9723a8
+			    }
9723a8
 
9723a8
 			  stripe++;
9723a8
 			}
9723a8
@@ -617,7 +629,7 @@ error_parsing_metadata:
9723a8
 
9723a8
 			  p = grub_strchr (p, '"');
9723a8
 			  if (p == NULL)
9723a8
-			    continue;
9723a8
+			    goto lvs_segment_fail2;
9723a8
 			  q = ++p;
9723a8
 			  while (*q != '"')
9723a8
 			    q++;
9723a8
@@ -705,7 +717,7 @@ error_parsing_metadata:
9723a8
 			  p = p ? grub_strchr (p + 1, '"') : 0;
9723a8
 			  p = p ? grub_strchr (p + 1, '"') : 0;
9723a8
 			  if (p == NULL)
9723a8
-			    continue;
9723a8
+			    goto lvs_segment_fail2;
9723a8
 			  q = ++p;
9723a8
 			  while (*q != '"')
9723a8
 			    q++;