Blame SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marco A Benatto <mbenatto@redhat.com>
Date: Mon, 7 Dec 2020 11:53:03 -0300
Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from
 make_vg()
Several error handling paths in make_vg() do not free comp data before
jumping to fail2 label and returning from the function. This will leak
memory. So, let's fix all issues of that kind.
Fixes: CID 73804
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
030dc3
index 58f8a53e1ab..428415fac24 100644
468bd4
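--- a/grub-core/disk/ldm.c
+++ b/grub-core/disk/ldm.c
@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
 	      comp->segments = grub_calloc (comp->segment_alloc,
 					    sizeof (*comp->segments));
 	      if (!comp->segments)
-		goto fail2;
+		{
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	    }
 	  else
 	    {
@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
 	      comp->segment_count = 1;
 	      comp->segments = grub_malloc (sizeof (*comp->segments));
 	      if (!comp->segments)
-		goto fail2;
+		{
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      comp->segments->start_extent = 0;
 	      comp->segments->extent_count = lv->size;
 	      comp->segments->layout = 0;
@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
 		  comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
 		}
 	      else
-		goto fail2;
+		{
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      ptr += *ptr + 1;
 	      ptr++;
 	      if (!(vblk[i].flags & 0x10))
-		goto fail2;
+		{
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
 		  || ptr + *ptr + 1 >= vblk[i].dynamic
 		  + sizeof (vblk[i].dynamic))
 		{
+		  grub_free (comp->segments);
 		  grub_free (comp->internal_id);
 		  grub_free (comp);
 		  goto fail2;
@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
 	      if (ptr + *ptr + 1 >= vblk[i].dynamic
 		  + sizeof (vblk[i].dynamic))
 		{
+		  grub_free (comp->segments);
 		  grub_free (comp->internal_id);
 		  grub_free (comp);
 		  goto fail2;
@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
 	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
 						   sizeof (*comp->segments->nodes));
 	      if (!lv->segments->nodes)
-		goto fail2;
+		{
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	    }
 
 	  if (lv->segments->node_alloc == lv->segments->node_count)
@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
 
 	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
 		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
-		goto fail2;
+		{
+		  grub_free (comp->segments->nodes);
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 
 	      t = grub_realloc (lv->segments->nodes, sz);
 	      if (!t)
-		goto fail2;
+		{
+		  grub_free (comp->segments->nodes);
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      lv->segments->nodes = t;
 	    }
 	  lv->segments->nodes[lv->segments->node_count].pv = 0;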
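Review bot: In the `@@ -601,7 +621,12 @@` hunk the new cleanup block is guarded by `if (!lv->segments->nodes)`, but the allocation on the line just above stores its result in `comp->segments->nodes`, so a failed `grub_calloc` for the component is not what the condition tests. If that allocation fails while `lv->segments->nodes` is non-NULL, the error path added here is skipped and `comp->segments->nodes` stays NULL for whatever later code uses it; that later code is outside the visible hunks, so the impact should be confirmed against the full `make_vg()`. The guard should read `if (!comp->segments->nodes)`. Since `make_vg()` appears to be parsing on-disk records (`vblk[i].dynamic`), these failure paths are worth treating as reachable from crafted media. Separately, the same three- or four-line free sequence is now repeated at eight sites; a small `static` helper that frees a component, or a dedicated cleanup label ahead of `fail2`, would keep the sites from drifting apart.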