Blame SOURCES/0289-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch

a4d572
From 301523f584d9aa624424c68ab3f085a9b7eca417 Mon Sep 17 00:00:00 2001
a4d572
From: Alexey Makhalov <amakhalov@vmware.com>
a4d572
Date: Wed, 8 Jul 2020 21:30:43 +0000
a4d572
Subject: [PATCH 289/314] xnu: Fix double free in
a4d572
 grub_xnu_devprop_add_property()
a4d572
a4d572
grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
a4d572
allocated and freed in the caller.
a4d572
a4d572
Minor improvement: do prop fields initialization after memory allocations.
a4d572
a4d572
Fixes: CID 292442, CID 292457, CID 292460, CID 292466
a4d572
a4d572
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
a4d572
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
a4d572
Upstream-commit-id: 4d5e2d13519
a4d572
---
a4d572
 grub-core/loader/i386/xnu.c | 19 +++++++++----------
a4d572
 1 file changed, 9 insertions(+), 10 deletions(-)
a4d572
a4d572
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
a4d572
index ee0eaadc4ee..c760db30fc0 100644
a4d572
--- a/grub-core/loader/i386/xnu.c
a4d572
+++ b/grub-core/loader/i386/xnu.c
a4d572
@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
a4d572
   if (!prop)
a4d572
     return grub_errno;
a4d572
 
a4d572
+  prop->data = grub_malloc (datalen);
a4d572
+  if (!prop->data)
a4d572
+    {
a4d572
+      grub_free (prop);
a4d572
+      return grub_errno;
a4d572
+    }
a4d572
+  grub_memcpy (prop->data, data, datalen);
a4d572
+
a4d572
   prop->name = utf8;
a4d572
   prop->name16 = utf16;
a4d572
   prop->name16len = utf16len;
a4d572
-
a4d572
   prop->length = datalen;
a4d572
-  prop->data = grub_malloc (prop->length);
a4d572
-  if (!prop->data)
a4d572
-    {
a4d572
-      grub_free (prop->name);
a4d572
-      grub_free (prop->name16);
a4d572
-      grub_free (prop);
a4d572
-      return grub_errno;
a4d572
-    }
a4d572
-  grub_memcpy (prop->data, data, prop->length);
a4d572
+
a4d572
   grub_list_push (GRUB_AS_LIST_P (&dev->properties),
a4d572
 		  GRUB_AS_LIST (prop));
a4d572
   return GRUB_ERR_NONE;
a4d572
-- 
a4d572
2.26.2
a4d572