mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-11-28 07:44:52 +00:00
f0ad2aaa26
Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Axtens <dja@axtens.net>
|
|
Date: Fri, 25 Jun 2021 02:19:05 +1000
|
|
Subject: [PATCH] kern/file: Do not leak device_name on error in
|
|
grub_file_open()
|
|
|
|
If we have an error in grub_file_open() before we free device_name, we
|
|
will leak it.
|
|
|
|
Free device_name in the error path and null out the pointer in the good
|
|
path once we free it there.
|
|
|
|
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
(cherry picked from commit 1499a5068839fa37cb77ecef4b5bdacbd1ed12ea)
|
|
---
|
|
grub-core/kern/file.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
|
|
index e19aea3e51..ed69fc0f0f 100644
|
|
--- a/grub-core/kern/file.c
|
|
+++ b/grub-core/kern/file.c
|
|
@@ -81,6 +81,7 @@ grub_file_open (const char *name, enum grub_file_type type)
|
|
|
|
device = grub_device_open (device_name);
|
|
grub_free (device_name);
|
|
+ device_name = NULL;
|
|
if (! device)
|
|
goto fail;
|
|
|
|
@@ -135,6 +136,7 @@ grub_file_open (const char *name, enum grub_file_type type)
|
|
return file;
|
|
|
|
fail:
|
|
+ grub_free (device_name);
|
|
if (device)
|
|
grub_device_close (device);
|
|
|