cmd/search: Fix a possible NULL ptr dereference

Resolves: #RHEL-61263 Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-10-16 17:57:56 +02:00 · 2024-10-16 17:57:56 +02:00 · 0e73191379
commit 0e73191379
parent ec05bd1b7c
3 changed files with 65 additions and 1 deletions
--- a/0352-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
+++ b/0352-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
@ -0,0 +1,59 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Nicolas Frayer <nfrayer@redhat.com>
+Date: Wed, 16 Oct 2024 15:50:32 +0200
+Subject: [PATCH] cmd/search: Fix a possible NULL ptr dereference
+
+When querying about a partition UUID, we're not checking
+for get_device_uuid() return value, which can possibly
+result in dereferencing a NULL pointer.
+
+Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
+Co-authored-by: Chuong Tran <anhchuong89@gmail.com>
+---
+ grub-core/commands/search.c | 28 +++++++++++++++-------------
+ 1 file changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
+index c052cb098c36..ab0122704c34 100644
+--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
+@@ -211,24 +211,26 @@ iterate_device (const char *name, void *data)
+                     struct uuid_context uuid_ctx;
+                     int ret = 0;
+ 
+-                    get_device_uuid(name, &quid_name);
+-                    if (!grub_strcmp(quid_name, ctx->key))
+                    if (get_device_uuid(name, &quid_name))
+                       {
+-                        uuid_ctx.name = name;
+-                        uuid_ctx.uuid = quid_name;
+                      if (!grub_strcmp(quid_name, ctx->key))
+                        {
+                          uuid_ctx.name = name;
+                          uuid_ctx.uuid = quid_name;
+ 
+-                        ret = grub_device_iterate (check_for_duplicate, &uuid_ctx);
+                          ret = grub_device_iterate (check_for_duplicate, &uuid_ctx);
+ 
+-                        if (ret)
+-                          {
+-                            grub_printf("Duplicated media UUID found, rebooting ...\n");
+-                            grub_sleep(10);
+-                            grub_reboot();
+-                          }
+-                      }
+                          if (ret)
+                            {
+                              grub_printf("Duplicated media UUID found, rebooting ...\n");
+                              grub_sleep(10);
+                              grub_reboot();
+                            }
+                        }
+ 
+-                    if (quid_name) grub_free (quid_name);
+                      if (quid_name) grub_free (quid_name);
+ 
+                    }
+                   }
+               }
+ 	  }
--- a/grub.patches
+++ b/grub.patches
@ -349,3 +349,4 @@ Patch0348: 0348-chainloader-remove-device-path-debug-message.patch
 Patch0349: 0349-grub2-mkconfig-Simplify-os_name-detection.patch
 Patch0350: 0350-grub-mkconfig-Remove-check-for-mount-point-for-grub-.patch
 Patch0351: 0351-arm64-Use-proper-memory-type-for-kernel-allocation.patch
+Patch0352: 0352-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
--- a/grub2.spec
+++ b/grub2.spec
@ -16,7 +16,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	92%{?dist}
+Release:	93%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@ -547,6 +547,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif

 %changelog
+* Wed Oct 16 2024 Nicolas Frayer <nfrayer@redhat.com> 2.06-93
+- cmd/search: Fix a possible NULL ptr dereference
+- Resolves: #RHEL-61263
+
 * Tue Aug 13 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-92
 - arm64/linux: Allocate memory for kernel with EFI_LOADER_CODE type
 - Resolves: #RHEL-49868