mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-12-01 00:48:18 +00:00
c06457c638
Resolves: CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 Resolves: CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Axtens <dja@axtens.net>
|
|
Date: Tue, 1 Mar 2022 23:14:15 +1100
|
|
Subject: [PATCH] net/http: Do not tear down socket if it's already been torn
|
|
down
|
|
|
|
It's possible for data->sock to get torn down in tcp error handling.
|
|
If we unconditionally tear it down again we will end up doing writes
|
|
to an offset of the NULL pointer when we go to tear it down again.
|
|
|
|
Detect if it has been torn down and don't do it again.
|
|
|
|
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
(cherry picked from commit ec233d3ecf995293304de443579aab5c46c49e85)
|
|
(cherry picked from commit d39cf87ed701b9f0900daed7f672e07994d37ce8)
|
|
---
|
|
grub-core/net/http.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
|
|
index 7f878b5615..19cb8768e3 100644
|
|
--- a/grub-core/net/http.c
|
|
+++ b/grub-core/net/http.c
|
|
@@ -427,7 +427,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial)
|
|
return err;
|
|
}
|
|
|
|
- for (i = 0; !data->headers_recv && i < 100; i++)
|
|
+ for (i = 0; data->sock && !data->headers_recv && i < 100; i++)
|
|
{
|
|
grub_net_tcp_retransmit ();
|
|
grub_net_poll_cards (300, &data->headers_recv);
|
|
@@ -435,7 +435,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial)
|
|
|
|
if (!data->headers_recv)
|
|
{
|
|
- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT);
|
|
+ if (data->sock)
|
|
+ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT);
|
|
if (data->err)
|
|
{
|
|
char *str = data->errmsg;
|