grub2/0063-Use-grub_efi_.-memory-helpers-where-reasonable.patch
Javier Martinez Canillas 46968b6e63
Update to 2.06~rc1 to fix a bunch of CVEs
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-03-15 10:13:33 +01:00

107 lines
3.3 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 1 Jun 2017 10:06:38 -0400
Subject: [PATCH] Use grub_efi_...() memory helpers where reasonable.
This uses grub_efi_allocate_pool(), grub_efi_free_pool(), and
grub_efi_free_pages() instead of open-coded efi_call_N() calls, so we
get more reasonable type checking.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/efi/chainloader.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index 3ff305b1d32..ba3d2930197 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -65,7 +65,7 @@ grub_chainloader_unload (void)
b = grub_efi_system_table->boot_services;
efi_call_1 (b->unload_image, image_handle);
- efi_call_2 (b->free_pages, address, pages);
+ grub_efi_free_pages (address, pages);
grub_free (file_path);
grub_free (cmdline);
@@ -108,7 +108,7 @@ grub_chainloader_boot (void)
}
if (exit_data)
- efi_call_1 (b->free_pool, exit_data);
+ grub_efi_free_pool (exit_data);
grub_loader_unset ();
@@ -523,10 +523,9 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp)
static grub_efi_boolean_t
handle_image (void *data, grub_efi_uint32_t datasize)
{
- grub_efi_boot_services_t *b;
grub_efi_loaded_image_t *li, li_bak;
grub_efi_status_t efi_status;
- char *buffer = NULL;
+ void *buffer = NULL;
char *buffer_aligned = NULL;
grub_efi_uint32_t i;
struct grub_pe32_section_table *section;
@@ -537,8 +536,6 @@ handle_image (void *data, grub_efi_uint32_t datasize)
int found_entry_point = 0;
int rc;
- b = grub_efi_system_table->boot_services;
-
rc = read_header (data, datasize, &context);
if (rc < 0)
{
@@ -578,8 +575,8 @@ handle_image (void *data, grub_efi_uint32_t datasize)
grub_dprintf ("chain", "image size is %08"PRIxGRUB_UINT64_T", datasize is %08x\n",
context.image_size, datasize);
- efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA,
- buffer_size, &buffer);
+ efi_status = grub_efi_allocate_pool (GRUB_EFI_LOADER_DATA, buffer_size,
+ &buffer);
if (efi_status != GRUB_EFI_SUCCESS)
{
@@ -811,14 +808,14 @@ handle_image (void *data, grub_efi_uint32_t datasize)
grub_dprintf ("chain", "entry_point returned %ld\n", efi_status);
grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t));
- efi_status = efi_call_1 (b->free_pool, buffer);
+ efi_status = grub_efi_free_pool (buffer);
return 1;
error_exit:
grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno);
if (buffer)
- efi_call_1 (b->free_pool, buffer);
+ grub_efi_free_pool (buffer);
return 0;
}
@@ -826,10 +823,7 @@ error_exit:
static grub_err_t
grub_secureboot_chainloader_unload (void)
{
- grub_efi_boot_services_t *b;
-
- b = grub_efi_system_table->boot_services;
- efi_call_2 (b->free_pages, address, pages);
+ grub_efi_free_pages (address, pages);
grub_free (file_path);
grub_free (cmdline);
cmdline = 0;
@@ -1096,7 +1090,7 @@ fail:
grub_free (file_path);
if (address)
- efi_call_2 (b->free_pages, address, pages);
+ grub_efi_free_pages (address, pages);
if (cmdline)
grub_free (cmdline);