[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 081/117] fs/nilfs2: Properly bail on errors in grub_nilf
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 081/117] fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() |
Date: |
Tue, 2 Mar 2021 19:01:28 +0100 |
From: Daniel Axtens <dja@axtens.net>
We just introduced an error return in grub_nilfs2_btree_node_lookup().
Make sure the callers catch it.
At the same time, make sure that grub_nilfs2_btree_node_lookup() always
inits the index pointer passed to it.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/nilfs2.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
index 7963b4ef5..9b76982b3 100644
--- a/grub-core/fs/nilfs2.c
+++ b/grub-core/fs/nilfs2.c
@@ -433,7 +433,7 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data
*data,
grub_uint64_t key, int *indexp)
{
grub_uint64_t nkey;
- int index, low, high, s;
+ int index = 0, low, high, s;
low = 0;
@@ -441,10 +441,10 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data
*data,
if (high >= grub_nilfs2_btree_node_nchildren_max (data, node))
{
grub_error (GRUB_ERR_BAD_FS, "too many children");
+ *indexp = index;
return 0;
}
- index = 0;
s = 0;
while (low <= high)
{
@@ -526,6 +526,10 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
level = grub_nilfs2_btree_get_level (node);
found = grub_nilfs2_btree_node_lookup (data, node, key, &index);
+
+ if (grub_errno != GRUB_ERR_NONE)
+ goto fail;
+
ptr = grub_nilfs2_btree_node_get_ptr (data, node, index);
if (need_translate)
ptr = grub_nilfs2_dat_translate (data, ptr);
@@ -550,7 +554,8 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
else
index = 0;
- if (index < grub_nilfs2_btree_node_nchildren_max (data, node))
+ if (index < grub_nilfs2_btree_node_nchildren_max (data, node) &&
+ grub_errno == GRUB_ERR_NONE)
{
ptr = grub_nilfs2_btree_node_get_ptr (data, node, index);
if (need_translate)
--
2.11.0
- [SECURITY PATCH 091/117] disk/lvm: Sanitize rlocn->offset to prevent wild read, (continued)
- [SECURITY PATCH 091/117] disk/lvm: Sanitize rlocn->offset to prevent wild read, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 096/117] kern/parser: Introduce process_char() helper, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 097/117] kern/parser: Introduce terminate_arg() helper, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 080/117] fs/nilfs2: Don't search children if provided number is too large, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 088/117] disk/lvm: Bail on missing PV list, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 099/117] kern/buffer: Add variable sized heap buffer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 076/117] fs/jfs: Do not move to leaf level if name length is negative, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 075/117] fs/sfs: Fix over-read of root object name, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 074/117] fs/hfs: Disable under lockdown, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 094/117] fs/btrfs: Squash some uninitialized reads, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 081/117] fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup(),
Daniel Kiper <=
- [SECURITY PATCH 093/117] fs/btrfs: Validate the number of stripes/parities in RAID5/6, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 090/117] disk/lvm: Do not overread metadata, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 095/117] kern/parser: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 092/117] disk/lvm: Do not allow a LV to be it's own segment's node's LV, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 098/117] kern/parser: Refactor grub_parser_split_cmdline() cleanup, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 102/117] util/mkimage: Remove unused code to add BSS section, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 108/117] util/mkimage: Refactor section setup to use a helper, Daniel Kiper, 2021/03/02