[SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly

From:	Daniel Kiper
Subject:	[SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly NULL state
Date:	Tue, 2 Mar 2021 19:00:32 +0100

From: Darren Kenny <darren.kenny@oracle.com>

All other instances of call to __argp_failure() where there is
a dgettext() call is first checking whether state is NULL before
attempting to dereference it to get the root_argp->argp_domain.

Fixes: CID 292436

Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 bootstrap.conf                                          |  2 +-
 conf/Makefile.extra-dist                                |  1 +
 grub-core/lib/gnulib-patches/fix-null-state-deref.patch | 12 ++++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch

diff --git a/bootstrap.conf b/bootstrap.conf
index a7fc34eb3..d71d1b51e 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -79,7 +79,7 @@ cp -a INSTALL INSTALL.grub
 
 bootstrap_post_import_hook () {
   set -e
-  for patchname in fix-base64 fix-null-deref fix-uninit-structure 
fix-unused-value fix-width no-abort; do
+  for patchname in fix-base64 fix-null-deref fix-null-state-deref 
fix-uninit-structure fix-unused-value fix-width no-abort; do
     patch -d grub-core/lib/gnulib -p2 \
       < "grub-core/lib/gnulib-patches/$patchname.patch"
   done
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index d83cde427..a46fc44e7 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
 
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-base64.patch
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
+EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
 EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch 
b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
new file mode 100644
index 000000000..813ec09c8
--- /dev/null
+++ b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
@@ -0,0 +1,12 @@
+--- a/lib/argp-help.c  2020-10-28 14:32:19.189215988 +0000
++++ b/lib/argp-help.c  2020-10-28 14:38:21.204673940 +0000
+@@ -145,7 +145,8 @@
+       if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
+         {
+           __argp_failure (state, 0, 0,
+-                          dgettext (state->root_argp->argp_domain,
++                          dgettext (state == NULL ? NULL
++                                    : state->root_argp->argp_domain,
+                                     "\
+ ARGP_HELP_FMT: %s value is less than or equal to %s"),
+                           "rmargin", up->name);
-- 
2.11.0

[Prev in Thread]

Current Thread

[Next in Thread]

[SECURITY PATCH 015/117] dl: Only allow unloading modules that are not dependencies, (continued)
- [SECURITY PATCH 015/117] dl: Only allow unloading modules that are not dependencies, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 013/117] loader/xnu: Don't allow loading extension and packages when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 011/117] commands/hdparm: Restrict hdparm command when locked down, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 014/117] docs: Document the cutmem command, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 021/117] kern/efi: Fix memory leak on failure, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 019/117] net/tftp: Fix dangling memory pointer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 018/117] net/net: Fix possible dereference to of a NULL pointer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 024/117] gnulib/regcomp: Fix uninitialized token structure, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 020/117] kern/parser: Fix resource leak if argc == 0, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 022/117] kern/efi/mm: Fix possible NULL pointer dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly NULL state, Daniel Kiper <=
- [SECURITY PATCH 016/117] usb: Avoid possible out-of-bound accesses caused by malicious devices, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 017/117] mmap: Fix memory leak when iterating over mapped memory, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 023/117] gnulib/regexec: Resolve unused variable, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 026/117] gnulib/regexec: Fix possible null-dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 030/117] kern/partition: Check for NULL before dereferencing input string, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 029/117] zstd: Initialize seq_t structure fully, Daniel Kiper, 2021/03/02
  - Re: [SECURITY PATCH 029/117] zstd: Initialize seq_t structure fully, Paul Menzel, 2021/03/18
    - Re: [SECURITY PATCH 029/117] zstd: Initialize seq_t structure fully, Darren Kenny, 2021/03/18
- [SECURITY PATCH 033/117] disk/ldm: Fix memory leak on uninserted lv references, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 027/117] gnulib/regcomp: Fix uninitialized re_token, Daniel Kiper, 2021/03/02

Prev by Date: [SECURITY PATCH 022/117] kern/efi/mm: Fix possible NULL pointer dereference
Next by Date: [SECURITY PATCH 016/117] usb: Avoid possible out-of-bound accesses caused by malicious devices
Previous by thread: [SECURITY PATCH 022/117] kern/efi/mm: Fix possible NULL pointer dereference
Next by thread: [SECURITY PATCH 016/117] usb: Avoid possible out-of-bound accesses caused by malicious devices
Index(es):
- Date
- Thread