grub2/0073-Fix-race-in-EFI-validation.patch
Robert Marshall 7b98965227 Reverse rpmvercmp return value
RPM sort was returning kernels sorted from oldest to newest
instead of newest to oldest. Flipped the sign on the return
value to switch the order.

Related: rhbz#1124074

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-07-31 11:53:28 -04:00

98 lines
2.7 KiB
Diff

From 6afbd577549250cdd954dfc12f03a6a4e7d3b906 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 14 Jul 2015 16:58:51 -0700
Subject: [PATCH 73/74] Fix race in EFI validation
---
grub-core/loader/i386/efi/linux.c | 44 ++++++++++-----------------------------
1 file changed, 11 insertions(+), 33 deletions(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index e5b7785..7ccf32d 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -154,7 +154,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_file_t file = 0;
struct linux_kernel_header lh;
grub_ssize_t len, start, filelen;
- void *kernel;
+ void *kernel = NULL;
grub_dl_ref (my_mod);
@@ -191,10 +191,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- grub_file_seek (file, 0);
-
- grub_free(kernel);
-
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
if (! params)
@@ -203,15 +199,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- memset (params, 0, 16384);
+ grub_memset (params, 0, 16384);
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
- {
- if (!grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- goto fail;
- }
+ grub_memcpy (&lh, kernel, sizeof (lh));
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
{
@@ -271,27 +261,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
- if (grub_file_seek (file, start) == (grub_off_t) -1)
- {
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- goto fail;
- }
+ grub_memcpy (kernel_mem, (char *)kernel + start, len);
+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
+ loaded=1;
- if (grub_file_read (file, kernel_mem, len) != len && !grub_errno)
- {
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- }
-
- if (grub_errno == GRUB_ERR_NONE)
- {
- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
- loaded = 1;
- lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
- }
-
- memcpy(params, &lh, 2 * 512);
+ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
+ grub_memcpy (params, &lh, 2 * 512);
params->type_of_loader = 0x21;
@@ -300,6 +275,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (file)
grub_file_close (file);
+ if (kernel)
+ grub_free (kernel);
+
if (grub_errno != GRUB_ERR_NONE)
{
grub_dl_unref (my_mod);
--
2.4.3