Re: [PATCH] Fix crash on http

Fri, 01 Feb 2013 13:00:39 -0800 

On 27.09.2012 19:55, Gustavo Luiz Duarte wrote:

> 
> Don't free file->data on receiving FIN flag since it is used all over without
> checking. http_close() will be called later to free that memory.
> Downstream bug: http://bugzilla.redhat.com/show_bug.cgi?id=860834

This patch of not just freeing fixes one instance of a more general
problem. Please try the attached patch

> ---
>  grub-core/net/http.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/grub-core/net/http.c b/grub-core/net/http.c
> index a7542d1..a5f6f31 100644
> --- a/grub-core/net/http.c
> +++ b/grub-core/net/http.c
> @@ -386,7 +386,7 @@ http_establish (struct grub_file *file, grub_off_t 
> offset, int initial)
> 
>    data->sock = grub_net_tcp_open (file->device->net->server,
>                                   HTTP_PORT, http_receive,
> -                                 http_err, http_err,
> +                                 http_err, NULL,
>                                   file);
>    if (!data->sock)
>      {



-- 
Regards
Vladimir 'φ-coder/phcoder' Serbinenko

=== modified file 'grub-core/net/http.c'
--- grub-core/net/http.c	2012-06-22 20:09:31 +0000
+++ grub-core/net/http.c	2013-01-28 09:27:26 +0000
@@ -157,9 +157,10 @@
 
   if (data->sock)
     grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT);
+  data->sock = 0;
   if (data->current_line)
     grub_free (data->current_line);
-  grub_free (data);
+  data->current_line = 0;
   file->device->net->eof = 1;
   file->device->net->stall = 1;
   if (file->size == GRUB_FILE_SIZE_UNKNOWN)
@@ -175,6 +176,12 @@
   http_data_t data = file->data;
   grub_err_t err;
 
+  if (!data->sock)
+    {
+      grub_netbuff_free (nb);
+      return GRUB_ERR_NONE;
+    }
+
   while (1)
     {
       char *ptr = (char *) nb->data;
@@ -432,7 +439,8 @@
   grub_err_t err;
   old_data = file->data;
   /* FIXME: Reuse socket?  */
-  grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT);
+  if (old_data->sock)
+    grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT);
   old_data->sock = 0;
 
   while (file->device->net->packs.first)
@@ -529,7 +537,8 @@
 
   if (!file->device->net->eof)
     file->device->net->stall = 0;
-  grub_net_tcp_unstall (data->sock);
+  if (data && data->sock)
+    grub_net_tcp_unstall (data->sock);
   return 0;
 }

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to