[SECURITY PATCH 40/73] gettext: Remove variables hooks on module unload

Daniel Kiper via Grub-devel Tue, 18 Feb 2025 10:04:42 -0800

From: B Horn <b...@horn.uk>

The gettext module does not entirely cleanup after itself in
its GRUB_MOD_FINI() leaving a few variables hooks in place.
It is not possible to unload gettext module because normal
module depends on it. Though fix the issues for completeness.


Fixes: CVE-2025-0622

Reported-by: B Horn <b...@horn.uk>
Signed-off-by: B Horn <b...@horn.uk>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
---
 grub-core/gettext/gettext.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
index 7a1c14e4f..e4f4f8ee6 100644
--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext)
 
 GRUB_MOD_FINI (gettext)
 {
+  grub_register_variable_hook ("locale_dir", NULL, NULL);
+  grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+  grub_register_variable_hook ("lang", NULL, NULL);
+
   grub_gettext_delete_list (&main_context);
   grub_gettext_delete_list (&secondary_context);
 
-- 
2.11.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[SECURITY PATCH 40/73] gettext: Remove variables hooks on module unload

Reply via email to