dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago
Clone

Blame SOURCES/0419-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch

b1bcb2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b1bcb2
From: Daniel Axtens <dja@axtens.net>
b1bcb2
Date: Thu, 21 Jan 2021 18:35:22 +1100
b1bcb2
Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found
b1bcb2
b1bcb2
Clean up a bunch of cases where we could have strstr() fail and lead to
b1bcb2
us dereferencing NULL.
b1bcb2
b1bcb2
We'll still leak memory in some cases (loops don't clean up allocations
b1bcb2
from earlier iterations if a later iteration fails) but at least we're
b1bcb2
not crashing.
b1bcb2
b1bcb2
Signed-off-by: Daniel Axtens <dja@axtens.net>
b1bcb2
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b1bcb2
---
b1bcb2
 grub-core/disk/lvm.c | 22 +++++++++++++++++-----
b1bcb2
 1 file changed, 17 insertions(+), 5 deletions(-)
b1bcb2
b1bcb2
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
b1bcb2
index 939afa17d28..7776a0a0a07 100644
b1bcb2
--- a/grub-core/disk/lvm.c
b1bcb2
+++ b/grub-core/disk/lvm.c
b1bcb2
@@ -541,7 +541,16 @@ error_parsing_metadata:
b1bcb2
 			}
b1bcb2
 
b1bcb2
 		      if (seg->node_count != 1)
b1bcb2
-			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
b1bcb2
+			{
b1bcb2
+			  seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
b1bcb2
+			  if (p == NULL)
b1bcb2
+			    {
b1bcb2
+#ifdef GRUB_UTIL
b1bcb2
+			      grub_util_info ("unknown stripe_size");
b1bcb2
+#endif
b1bcb2
+			      goto lvs_segment_fail;
b1bcb2
+			    }
b1bcb2
+			}
b1bcb2
 
b1bcb2
 		      seg->nodes = grub_calloc (seg->node_count,
b1bcb2
 						sizeof (*stripe));
b1bcb2
@@ -561,7 +570,7 @@ error_parsing_metadata:
b1bcb2
 			{
b1bcb2
 			  p = grub_strchr (p, '"');
b1bcb2
 			  if (p == NULL)
b1bcb2
-			    continue;
b1bcb2
+			    goto lvs_segment_fail2;
b1bcb2
 			  q = ++p;
b1bcb2
 			  while (*q != '"')
b1bcb2
 			    q++;
b1bcb2
@@ -580,7 +589,10 @@ error_parsing_metadata:
b1bcb2
 			  stripe->start = grub_lvm_getvalue (&p, ",")
b1bcb2
 			    * vg->extent_size;
b1bcb2
 			  if (p == NULL)
b1bcb2
-			    continue;
b1bcb2
+			    {
b1bcb2
+			      grub_free (stripe->name);
b1bcb2
+			      goto lvs_segment_fail2;
b1bcb2
+			    }
b1bcb2
 
b1bcb2
 			  stripe++;
b1bcb2
 			}
b1bcb2
@@ -617,7 +629,7 @@ error_parsing_metadata:
b1bcb2
 
b1bcb2
 			  p = grub_strchr (p, '"');
b1bcb2
 			  if (p == NULL)
b1bcb2
-			    continue;
b1bcb2
+			    goto lvs_segment_fail2;
b1bcb2
 			  q = ++p;
b1bcb2
 			  while (*q != '"')
b1bcb2
 			    q++;
b1bcb2
@@ -699,7 +711,7 @@ error_parsing_metadata:
b1bcb2
 			  p = p ? grub_strchr (p + 1, '"') : 0;
b1bcb2
 			  p = p ? grub_strchr (p + 1, '"') : 0;
b1bcb2
 			  if (p == NULL)
b1bcb2
-			    continue;
b1bcb2
+			    goto lvs_segment_fail2;
b1bcb2
 			  q = ++p;
b1bcb2
 			  while (*q != '"')
b1bcb2
 			    q++;