grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY PATCH 031/117] disk/ldm: Make sure comp data is freed before e

From: Daniel Kiper
Subject: [SECURITY PATCH 031/117] disk/ldm: Make sure comp data is freed before exiting from make_vg()
Date: Tue, 2 Mar 2021 19:00:38 +0100 
From: Marco A Benatto <mbenatto@redhat.com>

Several error handling paths in make_vg() do not free comp data before
jumping to fail2 label and returning from the function. This will leak
memory. So, let's fix all issues of that kind.

Fixes: CID 73804

Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)

diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
index 912e88255..48942549a 100644
--- a/grub-core/disk/ldm.c
+++ b/grub-core/disk/ldm.c
@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
              comp->segments = grub_calloc (comp->segment_alloc,
                                            sizeof (*comp->segments));
              if (!comp->segments)
-               goto fail2;
+               {
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
            }
          else
            {
@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
              comp->segment_count = 1;
              comp->segments = grub_malloc (sizeof (*comp->segments));
              if (!comp->segments)
-               goto fail2;
+               {
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
              comp->segments->start_extent = 0;
              comp->segments->extent_count = lv->size;
              comp->segments->layout = 0;
@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
                  comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
                }
              else
-               goto fail2;
+               {
+                 grub_free (comp->segments);
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
              ptr += *ptr + 1;
              ptr++;
              if (!(vblk[i].flags & 0x10))
-               goto fail2;
+               {
+                 grub_free (comp->segments);
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
              if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
                  || ptr + *ptr + 1 >= vblk[i].dynamic
                  + sizeof (vblk[i].dynamic))
                {
+                 grub_free (comp->segments);
                  grub_free (comp->internal_id);
                  grub_free (comp);
                  goto fail2;
@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
              if (ptr + *ptr + 1 >= vblk[i].dynamic
                  + sizeof (vblk[i].dynamic))
                {
+                 grub_free (comp->segments);
                  grub_free (comp->internal_id);
                  grub_free (comp);
                  goto fail2;
@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
              comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
                                                   sizeof 
(*comp->segments->nodes));
              if (!lv->segments->nodes)
-               goto fail2;
+               {
+                 grub_free (comp->segments);
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
            }
 
          if (lv->segments->node_alloc == lv->segments->node_count)
@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
 
              if (grub_mul (lv->segments->node_alloc, 2, 
&lv->segments->node_alloc) ||
                  grub_mul (lv->segments->node_alloc, sizeof 
(*lv->segments->nodes), &sz))
-               goto fail2;
+               {
+                 grub_free (comp->segments->nodes);
+                 grub_free (comp->segments);
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
 
              t = grub_realloc (lv->segments->nodes, sz);
              if (!t)
-               goto fail2;
+               {
+                 grub_free (comp->segments->nodes);
+                 grub_free (comp->segments);
+                 grub_free (comp->internal_id);
+                 grub_free (comp);
+                 goto fail2;
+               }
              lv->segments->nodes = t;
            }
          lv->segments->nodes[lv->segments->node_count].pv = 0;
-- 
2.11.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]