80 lines
3.5 KiB
Diff
80 lines
3.5 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Vladimir Serbinenko <phcoder@gmail.com>
|
|
Date: Mon, 7 Jul 2025 14:52:13 +0000
|
|
Subject: [PATCH] libgcrypt: Fix Coverity warnings
|
|
|
|
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
.../lib/libgcrypt-patches/03_mpiutil_alloc.patch | 18 +++++++++++
|
|
grub-core/lib/libgcrypt-patches/03_sexp_free.patch | 35 ++++++++++++++++++++++
|
|
2 files changed, 53 insertions(+)
|
|
create mode 100644 grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
|
|
create mode 100644 grub-core/lib/libgcrypt-patches/03_sexp_free.patch
|
|
|
|
diff --git a/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch b/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
|
|
new file mode 100644
|
|
index 0000000..42c6b2b
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
|
|
@@ -0,0 +1,18 @@
|
|
+mpiutil: Fix NULL pointer dereference in case of failed alloc
|
|
+
|
|
+Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
|
|
+
|
|
+diff --git a/grub-core/lib/libgcrypt/mpi/mpiutil.c b/grub-core/lib/libgcrypt/mpi/mpiutil.c
|
|
+index 3a372374f..dc53db09d 100644
|
|
+--- a/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
|
|
++++ b/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
|
|
+@@ -432,6 +432,9 @@ _gcry_mpi_alloc_like( gcry_mpi_t a )
|
|
+ int n = (a->sign+7)/8;
|
|
+ void *p = _gcry_is_secure(a->d)? xtrymalloc_secure (n)
|
|
+ : xtrymalloc (n);
|
|
++ if ( !p ) {
|
|
++ _gcry_fatal_error (GPG_ERR_ENOMEM, NULL);
|
|
++ }
|
|
+ memcpy( p, a->d, n );
|
|
+ b = mpi_set_opaque( NULL, p, a->sign );
|
|
+ }
|
|
diff --git a/grub-core/lib/libgcrypt-patches/03_sexp_free.patch b/grub-core/lib/libgcrypt-patches/03_sexp_free.patch
|
|
new file mode 100644
|
|
index 0000000..1c0ffd6
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/libgcrypt-patches/03_sexp_free.patch
|
|
@@ -0,0 +1,35 @@
|
|
+sexp: Add missing free on error path
|
|
+
|
|
+Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
|
|
+
|
|
+diff --git a/grub-core/lib/libgcrypt/src/sexp.c b/grub-core/lib/libgcrypt/src/sexp.c
|
|
+index d15f1a790..250559f75 100644
|
|
+--- a/grub-core/lib/libgcrypt-grub/src/sexp.c
|
|
++++ b/grub-core/lib/libgcrypt-grub/src/sexp.c
|
|
+@@ -1157,6 +1157,17 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
|
|
+ } \
|
|
+ } while (0)
|
|
+
|
|
++#define MAKE_SPACE_EXTRA_CLEANUP(n, cleanup) do { \
|
|
++ gpg_err_code_t _ms_err = make_space (&c, (n)); \
|
|
++ if (_ms_err) \
|
|
++ { \
|
|
++ err = _ms_err; \
|
|
++ *erroff = p - buffer; \
|
|
++ cleanup; \
|
|
++ goto leave; \
|
|
++ } \
|
|
++ } while (0)
|
|
++
|
|
+ /* The STORE_LEN macro is used to store the length N at buffer P. */
|
|
+ #define STORE_LEN(p,n) do { \
|
|
+ DATALEN ashort = (n); \
|
|
+@@ -1368,7 +1379,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
|
|
+ goto leave;
|
|
+ }
|
|
+
|
|
+- MAKE_SPACE (datalen);
|
|
++ MAKE_SPACE_EXTRA_CLEANUP (datalen, xfree (b64buf));
|
|
+ *c.pos++ = ST_DATA;
|
|
+ STORE_LEN (c.pos, datalen);
|
|
+ for (i = 0; i < datalen; i++)
|