1 Star 0 Fork 99

yangqiming/grub2

forked from src-openEuler/grub2 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
backport-0002-CVE-2020-27749.patch 2.13 KB
一键复制 编辑 原始数据 按行查看 历史
yangl777 提交于 2021-03-11 21:28 . fix CVE
From c6c426e5ab6ea715153b72584de6bd8c82f698ec Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Wed, 18 Nov 2020 00:59:24 +0000
Subject: kern/parser: Fix a memory leak
The getline() function supplied to grub_parser_split_cmdline() returns
a newly allocated buffer and can be called multiple times, but the
returned buffer is never freed.
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/parser.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
index d1cf061..0163a62 100644
--- a/grub-core/kern/parser.c
+++ b/grub-core/kern/parser.c
@@ -141,6 +141,7 @@ grub_parser_split_cmdline (const char *cmdline,
char *bp = buffer;
char *rd = (char *) cmdline;
char varname[200];
+ char *rp = rd;
char *vp = varname;
char *args;
int i;
@@ -149,10 +150,18 @@ grub_parser_split_cmdline (const char *cmdline,
*argv = NULL;
do
{
- if (!rd || !*rd)
- {
+ if (rp == NULL || *rp == '\0')
+ {
+ if (rd != cmdline)
+ {
+ grub_free (rd);
+ rd = rp = NULL;
+ }
if (getline)
- getline (&rd, 1, getline_data);
+ {
+ getline (&rd, 1, getline_data);
+ rp = rd;
+ }
else
break;
}
@@ -160,12 +169,12 @@ grub_parser_split_cmdline (const char *cmdline,
if (!rd)
break;
- for (; *rd; rd++)
+ for (; *rp != '\0'; rp++)
{
grub_parser_state_t newstate;
char use;
- newstate = grub_parser_cmdline_state (state, *rd, &use);
+ newstate = grub_parser_cmdline_state (state, *rp, &use);
/* If a variable was being processed and this character does
not describe the variable anymore, write the variable to
@@ -198,6 +207,9 @@ grub_parser_split_cmdline (const char *cmdline,
}
while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state));
+ if (rd != cmdline)
+ grub_free (rd);
+
/* A special case for when the last character was part of a
variable. */
add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT);
--
2.23.0
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/yyangqiming/grub2.git
git@gitee.com:yyangqiming/grub2.git
yyangqiming
grub2
grub2
master

搜索帮助