|
|
b1bcb2 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
b1bcb2 |
From: Daniel Axtens <dja@axtens.net>
|
|
|
b1bcb2 |
Date: Thu, 21 Jan 2021 18:35:22 +1100
|
|
|
b1bcb2 |
Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
Clean up a bunch of cases where we could have strstr() fail and lead to
|
|
|
b1bcb2 |
us dereferencing NULL.
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
We'll still leak memory in some cases (loops don't clean up allocations
|
|
|
b1bcb2 |
from earlier iterations if a later iteration fails) but at least we're
|
|
|
b1bcb2 |
not crashing.
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
b1bcb2 |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
b1bcb2 |
---
|
|
|
b1bcb2 |
grub-core/disk/lvm.c | 22 +++++++++++++++++-----
|
|
|
b1bcb2 |
1 file changed, 17 insertions(+), 5 deletions(-)
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
|
|
|
b1bcb2 |
index 939afa17d28..7776a0a0a07 100644
|
|
|
b1bcb2 |
--- a/grub-core/disk/lvm.c
|
|
|
b1bcb2 |
+++ b/grub-core/disk/lvm.c
|
|
|
b1bcb2 |
@@ -541,7 +541,16 @@ error_parsing_metadata:
|
|
|
b1bcb2 |
}
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
if (seg->node_count != 1)
|
|
|
b1bcb2 |
- seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
|
|
|
b1bcb2 |
+ {
|
|
|
b1bcb2 |
+ seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
|
|
|
b1bcb2 |
+ if (p == NULL)
|
|
|
b1bcb2 |
+ {
|
|
|
b1bcb2 |
+#ifdef GRUB_UTIL
|
|
|
b1bcb2 |
+ grub_util_info ("unknown stripe_size");
|
|
|
b1bcb2 |
+#endif
|
|
|
b1bcb2 |
+ goto lvs_segment_fail;
|
|
|
b1bcb2 |
+ }
|
|
|
b1bcb2 |
+ }
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
seg->nodes = grub_calloc (seg->node_count,
|
|
|
b1bcb2 |
sizeof (*stripe));
|
|
|
b1bcb2 |
@@ -561,7 +570,7 @@ error_parsing_metadata:
|
|
|
b1bcb2 |
{
|
|
|
b1bcb2 |
p = grub_strchr (p, '"');
|
|
|
b1bcb2 |
if (p == NULL)
|
|
|
b1bcb2 |
- continue;
|
|
|
b1bcb2 |
+ goto lvs_segment_fail2;
|
|
|
b1bcb2 |
q = ++p;
|
|
|
b1bcb2 |
while (*q != '"')
|
|
|
b1bcb2 |
q++;
|
|
|
b1bcb2 |
@@ -580,7 +589,10 @@ error_parsing_metadata:
|
|
|
b1bcb2 |
stripe->start = grub_lvm_getvalue (&p, ",")
|
|
|
b1bcb2 |
* vg->extent_size;
|
|
|
b1bcb2 |
if (p == NULL)
|
|
|
b1bcb2 |
- continue;
|
|
|
b1bcb2 |
+ {
|
|
|
b1bcb2 |
+ grub_free (stripe->name);
|
|
|
b1bcb2 |
+ goto lvs_segment_fail2;
|
|
|
b1bcb2 |
+ }
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
stripe++;
|
|
|
b1bcb2 |
}
|
|
|
b1bcb2 |
@@ -617,7 +629,7 @@ error_parsing_metadata:
|
|
|
b1bcb2 |
|
|
|
b1bcb2 |
p = grub_strchr (p, '"');
|
|
|
b1bcb2 |
if (p == NULL)
|
|
|
b1bcb2 |
- continue;
|
|
|
b1bcb2 |
+ goto lvs_segment_fail2;
|
|
|
b1bcb2 |
q = ++p;
|
|
|
b1bcb2 |
while (*q != '"')
|
|
|
b1bcb2 |
q++;
|
|
|
b1bcb2 |
@@ -699,7 +711,7 @@ error_parsing_metadata:
|
|
|
b1bcb2 |
p = p ? grub_strchr (p + 1, '"') : 0;
|
|
|
b1bcb2 |
p = p ? grub_strchr (p + 1, '"') : 0;
|
|
|
b1bcb2 |
if (p == NULL)
|
|
|
b1bcb2 |
- continue;
|
|
|
b1bcb2 |
+ goto lvs_segment_fail2;
|
|
|
b1bcb2 |
q = ++p;
|
|
|
b1bcb2 |
while (*q != '"')
|
|
|
b1bcb2 |
q++;
|