[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 026/117] gnulib/regexec: Fix possible null-dereference
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 026/117] gnulib/regexec: Fix possible null-dereference |
Date: |
Tue, 2 Mar 2021 19:00:33 +0100 |
From: Darren Kenny <darren.kenny@oracle.com>
It appears to be possible that the mctx->state_log field may be NULL,
and the name of this function, clean_state_log_if_needed(), suggests
that it should be checking that it is valid to be cleaned before
assuming that it does.
Fixes: CID 86720
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
bootstrap.conf | 3 ++-
conf/Makefile.extra-dist | 1 +
grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++
3 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
diff --git a/bootstrap.conf b/bootstrap.conf
index d71d1b51e..22feff5c0 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -79,7 +79,8 @@ cp -a INSTALL INSTALL.grub
bootstrap_post_import_hook () {
set -e
- for patchname in fix-base64 fix-null-deref fix-null-state-deref
fix-uninit-structure fix-unused-value fix-width no-abort; do
+ for patchname in fix-base64 fix-null-deref fix-null-state-deref
fix-regexec-null-deref \
+ fix-uninit-structure fix-unused-value fix-width no-abort; do
patch -d grub-core/lib/gnulib -p2 \
< "grub-core/lib/gnulib-patches/$patchname.patch"
done
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index a46fc44e7..c0ac65ec3 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -31,6 +31,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-base64.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
new file mode 100644
index 000000000..db6dac9c9
--- /dev/null
+++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
@@ -0,0 +1,12 @@
+--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000
++++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000
+@@ -1692,6 +1692,9 @@
+ {
+ Idx top = mctx->state_log_top;
+
++ if (mctx->state_log == NULL)
++ return REG_NOERROR;
++
+ if ((next_state_log_idx >= mctx->input.bufs_len
+ && mctx->input.bufs_len < mctx->input.len)
+ || (next_state_log_idx >= mctx->input.valid_len
--
2.11.0
- [SECURITY PATCH 021/117] kern/efi: Fix memory leak on failure, (continued)
- [SECURITY PATCH 021/117] kern/efi: Fix memory leak on failure, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 019/117] net/tftp: Fix dangling memory pointer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 018/117] net/net: Fix possible dereference to of a NULL pointer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 024/117] gnulib/regcomp: Fix uninitialized token structure, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 020/117] kern/parser: Fix resource leak if argc == 0, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 022/117] kern/efi/mm: Fix possible NULL pointer dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 025/117] gnulib/argp-help: Fix dereference of a possibly NULL state, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 016/117] usb: Avoid possible out-of-bound accesses caused by malicious devices, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 017/117] mmap: Fix memory leak when iterating over mapped memory, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 023/117] gnulib/regexec: Resolve unused variable, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 026/117] gnulib/regexec: Fix possible null-dereference,
Daniel Kiper <=
- [SECURITY PATCH 030/117] kern/partition: Check for NULL before dereferencing input string, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 029/117] zstd: Initialize seq_t structure fully, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 033/117] disk/ldm: Fix memory leak on uninserted lv references, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 027/117] gnulib/regcomp: Fix uninitialized re_token, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 031/117] disk/ldm: Make sure comp data is freed before exiting from make_vg(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 034/117] disk/cryptodisk: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 035/117] hfsplus: Check that the volume name length is valid, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 036/117] zfs: Fix possible negative shift operation, Daniel Kiper, 2021/03/02