cmd/search: Fix a possible NULL ptr dereference

Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2024-11-24 06:22:43 +00:00 · 2024-10-23 12:15:08 +02:00 · 2024-10-23 12:15:08 +02:00 · 0a3394ca4b
commit 0a3394ca4b
parent 7b0d0e6fb5
3 changed files with 64 additions and 1 deletions
--- a/0279-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
+++ b/0279-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
@ -0,0 +1,59 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Nicolas Frayer <nfrayer@redhat.com>
+Date: Wed, 16 Oct 2024 15:50:32 +0200
+Subject: [PATCH] cmd/search: Fix a possible NULL ptr dereference
+
+When querying about a partition UUID, we're not checking
+for get_device_uuid() return value, which can possibly
+result in dereferencing a NULL pointer.
+
+Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
+Co-authored-by: Chuong Tran <anhchuong89@gmail.com>
+---
+ grub-core/commands/search.c | 28 +++++++++++++++-------------
+ 1 file changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
+index 9dd937e6df4e..d538b36219fb 100644
+--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
+@@ -212,24 +212,26 @@ iterate_device (const char *name, void *data)
+                     struct uuid_context uuid_ctx;
+                     int ret = 0;
+ 
+-                    get_device_uuid(name, &quid_name);
+-                    if (!grub_strcmp(quid_name, ctx->key))
+                    if (get_device_uuid(name, &quid_name))
+                       {
+-                        uuid_ctx.name = name;
+-                        uuid_ctx.uuid = quid_name;
+                      if (!grub_strcmp(quid_name, ctx->key))
+                        {
+                          uuid_ctx.name = name;
+                          uuid_ctx.uuid = quid_name;
+ 
+-                        ret = grub_device_iterate (check_for_duplicate, &uuid_ctx);
+                          ret = grub_device_iterate (check_for_duplicate, &uuid_ctx);
+ 
+-                        if (ret)
+-                          {
+-                            grub_printf("Duplicated media UUID found, rebooting ...\n");
+-                            grub_sleep(10);
+-                            grub_reboot();
+-                          }
+-                      }
+                          if (ret)
+                            {
+                              grub_printf("Duplicated media UUID found, rebooting ...\n");
+                              grub_sleep(10);
+                              grub_reboot();
+                            }
+                        }
+ 
+-                    if (quid_name) grub_free (quid_name);
+                      if (quid_name) grub_free (quid_name);
+ 
+                    }
+                   }
+               }
+ 	  }
--- a/grub.patches
+++ b/grub.patches
@ -276,3 +276,4 @@ Patch0275: 0275-load-EFI-commands-inside-test-expressions.patch
 Patch0276: 0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch
 Patch0277: 0277-Stop-grub.efi-from-always-printing-dynamic_load_symb.patch
 Patch0278: 0278-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
+Patch0279: 0279-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch
--- a/grub2.spec
+++ b/grub2.spec
@ -17,7 +17,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.12
-Release:	10%{?dist}
+Release:	11%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPL-3.0-or-later
 URL:		http://www.gnu.org/software/grub/
@ -560,6 +560,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif

 %changelog
+* Wed Oct 23 2024 Nicolas Frayer <nfrayer@redhat.com> 2.12-11
+- cmd/search: Fix a possible NULL ptr dereference
+
 * Thu Oct 17 2024 Nicolas Frayer <nfrayer@redhat.com> 2.12-10
 - acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
 - Resolves: #2317048