From: Marta Rybczynska <rybczyn...@gmail.com> This patch adds a fix for checking for NULL in grub's loader/bsd. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska <marta.rybczyn...@huawei.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- ...ader-bsd-Check-for-NULL-arg-up-front.patch | 47 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch diff --git a/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch new file mode 100644 index 0000000000..34643e10ab --- /dev/null +++ b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch @@ -0,0 +1,47 @@ +From 7899384c8fdf9ed96566978c49b0c6e40e70703d Mon Sep 17 00:00:00 2001 +From: Darren Kenny <darren.ke...@oracle.com> +Date: Tue, 8 Dec 2020 21:47:13 +0000 +Subject: [PATCH] loader/bsd: Check for NULL arg up-front + +The code in the next block suggests that it is possible for .set to be +true but .arg may still be NULL. + +This code assumes that it is never NULL, yet later is testing if it is +NULL - that is inconsistent. + +So we should check first if .arg is not NULL, and remove this check that +is being flagged by Coverity since it is no longer required. + +Fixes: CID 292471 + +Signed-off-by: Darren Kenny <darren.ke...@oracle.com> +Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a] +Signed-off-by: Marta Rybczynska <marta.rybczyn...@huawei.com> +--- + grub-core/loader/i386/bsd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index b92cbe9..8432283 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -1605,7 +1605,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + kernel_type = KERNEL_TYPE_OPENBSD; + bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags); + +- if (ctxt->state[OPENBSD_ROOT_ARG].set) ++ if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg != NULL) + { + const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg; + unsigned type, unit, part; +@@ -1622,7 +1622,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + "unknown disk type name"); + + unit = grub_strtoul (arg, (char **) &arg, 10); +- if (! (arg && *arg >= 'a' && *arg <= 'z')) ++ if (! (*arg >= 'a' && *arg <= 'z')) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + "only device specifications of form " + "<type><number><lowercase letter> are supported"); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1a4be33fca..8b55afccbb 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -83,6 +83,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ + file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162387): https://lists.openembedded.org/g/openembedded-core/message/162387 Mute This Topic: https://lists.openembedded.org/mt/89389055/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
