dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago
Clone

Blame SOURCES/0456-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch

468bd4
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
468bd4
From: Daniel Axtens <dja@axtens.net>
468bd4
Date: Thu, 21 Jan 2021 18:35:22 +1100
468bd4
Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found
468bd4
468bd4
Clean up a bunch of cases where we could have strstr() fail and lead to
468bd4
us dereferencing NULL.
468bd4
468bd4
We'll still leak memory in some cases (loops don't clean up allocations
468bd4
from earlier iterations if a later iteration fails) but at least we're
468bd4
not crashing.
468bd4
468bd4
Signed-off-by: Daniel Axtens <dja@axtens.net>
468bd4
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
468bd4
---
468bd4
 grub-core/disk/lvm.c | 22 +++++++++++++++++-----
468bd4
 1 file changed, 17 insertions(+), 5 deletions(-)
468bd4
468bd4
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
468bd4
index 1e80137c452..03587e744dc 100644
468bd4
--- a/grub-core/disk/lvm.c
468bd4
+++ b/grub-core/disk/lvm.c
468bd4
@@ -541,7 +541,16 @@ error_parsing_metadata:
468bd4
 			}
468bd4
 
468bd4
 		      if (seg->node_count != 1)
468bd4
-			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
468bd4
+			{
468bd4
+			  seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
468bd4
+			  if (p == NULL)
468bd4
+			    {
468bd4
+#ifdef GRUB_UTIL
468bd4
+			      grub_util_info ("unknown stripe_size");
468bd4
+#endif
468bd4
+			      goto lvs_segment_fail;
468bd4
+			    }
468bd4
+			}
468bd4
 
468bd4
 		      seg->nodes = grub_calloc (seg->node_count,
468bd4
 						sizeof (*stripe));
468bd4
@@ -561,7 +570,7 @@ error_parsing_metadata:
468bd4
 			{
468bd4
 			  p = grub_strchr (p, '"');
468bd4
 			  if (p == NULL)
468bd4
-			    continue;
468bd4
+			    goto lvs_segment_fail2;
468bd4
 			  q = ++p;
468bd4
 			  while (*q != '"')
468bd4
 			    q++;
468bd4
@@ -580,7 +589,10 @@ error_parsing_metadata:
468bd4
 			  stripe->start = grub_lvm_getvalue (&p, ",")
468bd4
 			    * vg->extent_size;
468bd4
 			  if (p == NULL)
468bd4
-			    continue;
468bd4
+			    {
468bd4
+			      grub_free (stripe->name);
468bd4
+			      goto lvs_segment_fail2;
468bd4
+			    }
468bd4
 
468bd4
 			  stripe++;
468bd4
 			}
468bd4
@@ -617,7 +629,7 @@ error_parsing_metadata:
468bd4
 
468bd4
 			  p = grub_strchr (p, '"');
468bd4
 			  if (p == NULL)
468bd4
-			    continue;
468bd4
+			    goto lvs_segment_fail2;
468bd4
 			  q = ++p;
468bd4
 			  while (*q != '"')
468bd4
 			    q++;
468bd4
@@ -705,7 +717,7 @@ error_parsing_metadata:
468bd4
 			  p = p ? grub_strchr (p + 1, '"') : 0;
468bd4
 			  p = p ? grub_strchr (p + 1, '"') : 0;
468bd4
 			  if (p == NULL)
468bd4
-			    continue;
468bd4
+			    goto lvs_segment_fail2;
468bd4
 			  q = ++p;
468bd4
 			  while (*q != '"')
468bd4
 			    q++;