grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY PATCH 09/28] xnu: Fix double free in grub_xnu_devprop_add_prop

From: Daniel Kiper
Subject: [SECURITY PATCH 09/28] xnu: Fix double free in grub_xnu_devprop_add_property()
Date: Wed, 29 Jul 2020 19:00:22 +0200 
From: Alexey Makhalov <amakhalov@vmware.com>

grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
allocated and freed in the caller.

Minor improvement: do prop fields initialization after memory allocations.

Fixes: CID 292442, CID 292457, CID 292460, CID 292466

Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/loader/i386/xnu.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
index b7d176b5d..e9e119259 100644
--- a/grub-core/loader/i386/xnu.c
+++ b/grub-core/loader/i386/xnu.c
@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct 
grub_xnu_devprop_device_descriptor *dev,
   if (!prop)
     return grub_errno;
 
+  prop->data = grub_malloc (datalen);
+  if (!prop->data)
+    {
+      grub_free (prop);
+      return grub_errno;
+    }
+  grub_memcpy (prop->data, data, datalen);
+
   prop->name = utf8;
   prop->name16 = utf16;
   prop->name16len = utf16len;
-
   prop->length = datalen;
-  prop->data = grub_malloc (prop->length);
-  if (!prop->data)
-    {
-      grub_free (prop->name);
-      grub_free (prop->name16);
-      grub_free (prop);
-      return grub_errno;
-    }
-  grub_memcpy (prop->data, data, prop->length);
+
   grub_list_push (GRUB_AS_LIST_P (&dev->properties),
                  GRUB_AS_LIST (prop));
   return GRUB_ERR_NONE;
-- 
2.11.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]