nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone
b1bcb2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
b1bcb2
From: Darren Kenny <darren.kenny@oracle.com>
b1bcb2
Date: Fri, 22 Jan 2021 12:32:41 +0000
b1bcb2
Subject: [PATCH] kern/parser: Fix resource leak if argc == 0
b1bcb2
b1bcb2
After processing the command-line yet arriving at the point where we are
b1bcb2
setting argv, we are allocating memory, even if argc == 0, which makes
b1bcb2
no sense since we never put anything into the allocated argv.
b1bcb2
b1bcb2
The solution is to simply return that we've successfully processed the
b1bcb2
arguments but that argc == 0, and also ensure that argv is NULL when
b1bcb2
we're not allocating anything in it.
b1bcb2
b1bcb2
There are only 2 callers of this function, and both are handling a zero
b1bcb2
value in argc assuming nothing is allocated in argv.
b1bcb2
b1bcb2
Fixes: CID 96680
b1bcb2
b1bcb2
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
b1bcb2
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
b1bcb2
---
b1bcb2
 grub-core/kern/parser.c | 5 +++++
b1bcb2
 1 file changed, 5 insertions(+)
b1bcb2
b1bcb2
diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
b1bcb2
index 5de8559e777..94e8728d59a 100644
b1bcb2
--- a/grub-core/kern/parser.c
b1bcb2
+++ b/grub-core/kern/parser.c
b1bcb2
@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline,
b1bcb2
   int i;
b1bcb2
 
b1bcb2
   *argc = 0;
b1bcb2
+  *argv = NULL;
b1bcb2
   do
b1bcb2
     {
b1bcb2
       if (!rd || !*rd)
b1bcb2
@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline,
b1bcb2
       (*argc)++;
b1bcb2
     }
b1bcb2
 
b1bcb2
+  /* If there are no args, then we're done. */
b1bcb2
+  if (!*argc)
b1bcb2
+    return 0;
b1bcb2
+
b1bcb2
   /* Reserve memory for the return values.  */
b1bcb2
   args = grub_malloc (bp - buffer);
b1bcb2
   if (!args)