| From dc9777dc17697b196c415c53187a55861d41fd2a Mon Sep 17 00:00:00 2001 |
| From: Alexey Makhalov <amakhalov@vmware.com> |
| Date: Wed, 8 Jul 2020 21:30:43 +0000 |
| Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property() |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get |
| allocated and freed in the caller. |
| |
| Minor improvement: do prop fields initialization after memory allocations. |
| |
| Fixes: CID 292442, CID 292457, CID 292460, CID 292466 |
| |
| Signed-off-by: Alexey Makhalov <amakhalov@vmware.com> |
| Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
| Signed-off-by: Stefan SΓΈrensen <stefan.sorensen@spectralink.com> |
| --- |
| grub-core/loader/i386/xnu.c | 17 ++++++++--------- |
| 1 file changed, 8 insertions(+), 9 deletions(-) |
| |
| diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c |
| index b7d176b5d..e9e119259 100644 |
| --- a/grub-core/loader/i386/xnu.c |
| +++ b/grub-core/loader/i386/xnu.c |
| @@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev, |
| if (!prop) |
| return grub_errno; |
| |
| - prop->name = utf8; |
| - prop->name16 = utf16; |
| - prop->name16len = utf16len; |
| - |
| - prop->length = datalen; |
| - prop->data = grub_malloc (prop->length); |
| + prop->data = grub_malloc (datalen); |
| if (!prop->data) |
| { |
| - grub_free (prop->name); |
| - grub_free (prop->name16); |
| grub_free (prop); |
| return grub_errno; |
| } |
| - grub_memcpy (prop->data, data, prop->length); |
| + grub_memcpy (prop->data, data, datalen); |
| + |
| + prop->name = utf8; |
| + prop->name16 = utf16; |
| + prop->name16len = utf16len; |
| + prop->length = datalen; |
| + |
| grub_list_push (GRUB_AS_LIST_P (&dev->properties), |
| GRUB_AS_LIST (prop)); |
| return GRUB_ERR_NONE; |
| -- |
| 2.26.2 |
| |
