Blame SOURCES/0423-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch

9723a8
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
9723a8
From: Marco A Benatto <mbenatto@redhat.com>
9723a8
Date: Mon, 30 Nov 2020 12:18:24 -0300
9723a8
Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in
9723a8
 grub_xnu_writetree_toheap()
9723a8
9723a8
... to avoid memory leaks.
9723a8
9723a8
Fixes: CID 96640
9723a8
9723a8
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
9723a8
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
9723a8
---
9723a8
 grub-core/loader/xnu.c | 24 ++++++++++++++++++++----
9723a8
 1 file changed, 20 insertions(+), 4 deletions(-)
9723a8
9723a8
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
3efed6
index 16bfa7cec72..af885a648c6 100644
9723a8
--- a/grub-core/loader/xnu.c
9723a8
+++ b/grub-core/loader/xnu.c
3efed6
@@ -228,26 +228,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
9723a8
   if (! memorymap)
9723a8
     return grub_errno;
9723a8
 
9723a8
-  driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey));
9723a8
+  driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey));
9723a8
   if (! driverkey)
9723a8
     return grub_errno;
9723a8
   driverkey->name = grub_strdup ("DeviceTree");
9723a8
   if (! driverkey->name)
9723a8
-    return grub_errno;
9723a8
+    {
9723a8
+      err = grub_errno;
9723a8
+      goto fail;
9723a8
+    }
9723a8
+
9723a8
   driverkey->datasize = sizeof (*extdesc);
9723a8
   driverkey->next = memorymap->first_child;
9723a8
   memorymap->first_child = driverkey;
9723a8
   driverkey->data = extdesc
9723a8
     = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc));
9723a8
   if (! driverkey->data)
9723a8
-    return grub_errno;
9723a8
+    {
9723a8
+      err = grub_errno;
9723a8
+      goto fail;
9723a8
+    }
9723a8
 
9723a8
   /* Allocate the space based on the size with dummy value. */
9723a8
   *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/");
9723a8
   err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE),
9723a8
 			      &src, target);
9723a8
   if (err)
9723a8
-    return err;
9723a8
+    goto fail;
9723a8
 
9723a8
   /* Put real data in the dummy. */
9723a8
   extdesc->addr = *target;
3efed6
@@ -256,6 +263,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
9723a8
   /* Write the tree to heap. */
9723a8
   grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/");
9723a8
   return GRUB_ERR_NONE;
9723a8
+
9723a8
+ fail:
9723a8
+  memorymap->first_child = NULL;
9723a8
+
9723a8
+  grub_free (driverkey->data);
9723a8
+  grub_free (driverkey->name);
9723a8
+  grub_free (driverkey);
9723a8
+
9723a8
+  return err;
9723a8
 }
9723a8
 
9723a8
 /* Find a key or value in parent key. */