Blame SOURCES/0400-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marco A Benatto <mbenatto@redhat.com>
Date: Mon, 7 Dec 2020 11:53:03 -0300
Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from
 make_vg()
Several error handling paths in make_vg() do not free comp data before
jumping to fail2 label and returning from the function. This will leak
memory. So, let's fix all issues of that kind.
Fixes: CID 73804
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
index 58f8a53e1..428415fac 100644
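--- a/grub-core/disk/ldm.c
+++ b/grub-core/disk/ldm.c
@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
 	      comp->segments = grub_calloc (comp->segment_alloc,
 					    sizeof (*comp->segments));
 	      if (!comp->segments)
-		goto fail2;
+		{
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	    }
 	  else
 	    {
@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
 	      comp->segment_count = 1;
 	      comp->segments = grub_malloc (sizeof (*comp->segments));
 	      if (!comp->segments)
-		goto fail2;
+		{
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      comp->segments->start_extent = 0;
 	      comp->segments->extent_count = lv->size;
 	      comp->segments->layout = 0;
@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
 		  comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
 		}
 	      else
-		goto fail2;
+		{
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      ptr += *ptr + 1;
 	      ptr++;
 	      if (!(vblk[i].flags & 0x10))
-		goto fail2;
+		{
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
 		  || ptr + *ptr + 1 >= vblk[i].dynamic
 		  + sizeof (vblk[i].dynamic))
 		{
+		  grub_free (comp->segments);
 		  grub_free (comp->internal_id);
 		  grub_free (comp);
 		  goto fail2;
@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
 	      if (ptr + *ptr + 1 >= vblk[i].dynamic
 		  + sizeof (vblk[i].dynamic))
 		{
+		  grub_free (comp->segments);
 		  grub_free (comp->internal_id);
 		  grub_free (comp);
 		  goto fail2;
@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
 	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
 						   sizeof (*comp->segments->nodes));
 	      if (!lv->segments->nodes)
-		goto fail2;
+		{
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	    }
 
 	  if (lv->segments->node_alloc == lv->segments->node_count)
@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
 
 	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
 		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
-		goto fail2;
+		{
+		  grub_free (comp->segments->nodes);
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 
 	      t = grub_realloc (lv->segments->nodes, sz);
 	      if (!t)
-		goto fail2;
+		{
+		  grub_free (comp->segments->nodes);
+		  grub_free (comp->segments);
+		  grub_free (comp->internal_id);
+		  grub_free (comp);
+		  goto fail2;
+		}
 	      lv->segments->nodes = t;
 	    }
 	  lv->segments->nodes[lv->segments->node_count].pv = 0;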
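Review bot: In the hunk at `@@ -601,7 +621,12 @@`, the NULL check that follows `comp->segments->nodes = grub_calloc (...)` tests `lv->segments->nodes` rather than the pointer that was just assigned, so a failed allocation of `comp->segments->nodes` is only caught if `lv->segments->nodes` also happens to be NULL. The new cleanup block hangs off that same condition and inherits the mismatch; the check should read `if (!comp->segments->nodes)`. This code sits in a parser for on-disk LDM metadata, so an unchecked allocation result deserves attention, although where `comp->segments->nodes` is used afterwards lies outside the visible hunks. Separately, the same three- or four-call `grub_free` sequence is now repeated at nine exits; a dedicated cleanup label ahead of `fail2` would make it harder for a later exit path to miss one of the frees. make_vg's body begins and ends outside these hunks.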