grub2/SOURCES/0216-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch

42 lines
1.3 KiB
Diff
Raw Normal View History

2022-06-16 13:18:30 +00:00
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Mon, 2 May 2022 14:39:31 +0200
Subject: [PATCH] loader/i386/efi/linux: Avoid a use-after-free in the linuxefi
loader
In some error paths in grub_cmd_linux, the pointer to lh may be
dereferenced after the buffer it points to has been freed. There aren't
any security implications from this because nothing else uses the
allocator after the buffer is freed and before the pointer is
dereferenced, but fix it anyway.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
(cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2)
---
grub-core/loader/i386/efi/linux.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
2023-04-11 14:25:15 +00:00
index 941df6400b..27bc2aa161 100644
2022-06-16 13:18:30 +00:00
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
2023-04-11 14:25:15 +00:00
@@ -465,9 +465,6 @@ fail:
2022-06-16 13:18:30 +00:00
if (file)
grub_file_close (file);
- if (kernel)
- grub_free (kernel);
-
if (grub_errno != GRUB_ERR_NONE)
{
grub_dl_unref (my_mod);
2023-04-11 14:25:15 +00:00
@@ -483,6 +480,8 @@ fail:
2022-06-16 13:18:30 +00:00
kernel_free (params, sizeof(*params));
}
+ grub_free (kernel);
+
return grub_errno;
}