nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0364-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch

b1bcb2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b1bcb2
From: Marco A Benatto <mbenatto@redhat.com>
b1bcb2
Date: Mon, 7 Dec 2020 11:53:03 -0300
b1bcb2
Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from
b1bcb2
 make_vg()
b1bcb2
b1bcb2
Several error handling paths in make_vg() do not free comp data before
b1bcb2
jumping to fail2 label and returning from the function. This will leak
b1bcb2
memory. So, let's fix all issues of that kind.
b1bcb2
b1bcb2
Fixes: CID 73804
b1bcb2
b1bcb2
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
b1bcb2
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b1bcb2
---
b1bcb2
 grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
b1bcb2
 1 file changed, 44 insertions(+), 7 deletions(-)
b1bcb2
b1bcb2
diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
b1bcb2
index b1a57f2d2ad..34e1e4d72ff 100644
b1bcb2
--- a/grub-core/disk/ldm.c
b1bcb2
+++ b/grub-core/disk/ldm.c
b1bcb2
@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
b1bcb2
 	      comp->segments = grub_calloc (comp->segment_alloc,
b1bcb2
 					    sizeof (*comp->segments));
b1bcb2
 	      if (!comp->segments)
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 	    }
b1bcb2
 	  else
b1bcb2
 	    {
b1bcb2
@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
b1bcb2
 	      comp->segment_count = 1;
b1bcb2
 	      comp->segments = grub_malloc (sizeof (*comp->segments));
b1bcb2
 	      if (!comp->segments)
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 	      comp->segments->start_extent = 0;
b1bcb2
 	      comp->segments->extent_count = lv->size;
b1bcb2
 	      comp->segments->layout = 0;
b1bcb2
@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
b1bcb2
 		  comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
b1bcb2
 		}
b1bcb2
 	      else
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 	      ptr += *ptr + 1;
b1bcb2
 	      ptr++;
b1bcb2
 	      if (!(vblk[i].flags & 0x10))
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 	      if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
b1bcb2
 		  || ptr + *ptr + 1 >= vblk[i].dynamic
b1bcb2
 		  + sizeof (vblk[i].dynamic))
b1bcb2
 		{
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
 		  grub_free (comp->internal_id);
b1bcb2
 		  grub_free (comp);
b1bcb2
 		  goto fail2;
b1bcb2
@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
b1bcb2
 	      if (ptr + *ptr + 1 >= vblk[i].dynamic
b1bcb2
 		  + sizeof (vblk[i].dynamic))
b1bcb2
 		{
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
 		  grub_free (comp->internal_id);
b1bcb2
 		  grub_free (comp);
b1bcb2
 		  goto fail2;
b1bcb2
@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
b1bcb2
 	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
b1bcb2
 						   sizeof (*comp->segments->nodes));
b1bcb2
 	      if (!lv->segments->nodes)
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 	    }
b1bcb2
 
b1bcb2
 	  if (lv->segments->node_alloc == lv->segments->node_count)
b1bcb2
@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
b1bcb2
 
b1bcb2
 	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
b1bcb2
 		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->segments->nodes);
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 
b1bcb2
 	      t = grub_realloc (lv->segments->nodes, sz);
b1bcb2
 	      if (!t)
b1bcb2
-		goto fail2;
b1bcb2
+		{
b1bcb2
+		  grub_free (comp->segments->nodes);
b1bcb2
+		  grub_free (comp->segments);
b1bcb2
+		  grub_free (comp->internal_id);
b1bcb2
+		  grub_free (comp);
b1bcb2
+		  goto fail2;
b1bcb2
+		}
b1bcb2
 	      lv->segments->nodes = t;
b1bcb2
 	    }
b1bcb2
 	  lv->segments->nodes[lv->segments->node_count].pv = 0;