Blame SOURCES/0307-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch

b1bcb2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
c4e390
From: Alexey Makhalov <amakhalov@vmware.com>
c4e390
Date: Wed, 8 Jul 2020 21:30:43 +0000
b1bcb2
Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property()
c4e390
c4e390
grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
c4e390
allocated and freed in the caller.
c4e390
c4e390
Minor improvement: do prop fields initialization after memory allocations.
c4e390
c4e390
Fixes: CID 292442, CID 292457, CID 292460, CID 292466
c4e390
c4e390
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
c4e390
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
c4e390
Upstream-commit-id: 4d5e2d13519
c4e390
---
c4e390
 grub-core/loader/i386/xnu.c | 19 +++++++++----------
c4e390
 1 file changed, 9 insertions(+), 10 deletions(-)
c4e390
c4e390
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
c4e390
index 875048e1353..424488a9f7c 100644
c4e390
--- a/grub-core/loader/i386/xnu.c
c4e390
+++ b/grub-core/loader/i386/xnu.c
c4e390
@@ -259,20 +259,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
c4e390
   if (!prop)
c4e390
     return grub_errno;
c4e390
 
c4e390
+  prop->data = grub_malloc (datalen);
c4e390
+  if (!prop->data)
c4e390
+    {
c4e390
+      grub_free (prop);
c4e390
+      return grub_errno;
c4e390
+    }
c4e390
+  grub_memcpy (prop->data, data, datalen);
c4e390
+
c4e390
   prop->name = utf8;
c4e390
   prop->name16 = utf16;
c4e390
   prop->name16len = utf16len;
c4e390
-
c4e390
   prop->length = datalen;
c4e390
-  prop->data = grub_malloc (prop->length);
c4e390
-  if (!prop->data)
c4e390
-    {
c4e390
-      grub_free (prop);
c4e390
-      grub_free (prop->name);
c4e390
-      grub_free (prop->name16);
c4e390
-      return grub_errno;
c4e390
-    }
c4e390
-  grub_memcpy (prop->data, data, prop->length);
c4e390
+
c4e390
   grub_list_push (GRUB_AS_LIST_P (&dev->properties),
c4e390
 		  GRUB_AS_LIST (prop));
c4e390
   return GRUB_ERR_NONE;