[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 5/6] zfs: Fix possible insecure use of chunk size in zap_leaf_arr
From: |
Darren Kenny |
Subject: |
[PATCH 5/6] zfs: Fix possible insecure use of chunk size in zap_leaf_array_get() |
Date: |
Tue, 26 Oct 2021 15:02:39 +0000 |
In zap_leaf_array_get() the chunk size passed in is considered tainted
by Coverity, and is being used before it is tested for validity.
To fix this the assignment of 'la' is moved until after the test of the
value of 'chunk'.
Fixes: CID 314014
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
---
grub-core/fs/zfs/zfs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
index 44e4e18147af..e9d7a7d0e4f6 100644
--- a/grub-core/fs/zfs/zfs.c
+++ b/grub-core/fs/zfs/zfs.c
@@ -2229,7 +2229,7 @@ zap_leaf_array_get (zap_leaf_phys_t * l,
grub_zfs_endian_t endian, int blksft,
while (bseen < array_len)
{
- struct zap_leaf_array *la = &ZAP_LEAF_CHUNK (l, blksft, chunk)->l_array;
+ struct zap_leaf_array *la;
grub_size_t toread = array_len - bseen;
if (toread > ZAP_LEAF_ARRAY_BYTES)
@@ -2239,6 +2239,7 @@ zap_leaf_array_get (zap_leaf_phys_t * l,
grub_zfs_endian_t endian, int blksft,
/* Don't use grub_error because this error is to be ignored. */
return GRUB_ERR_BAD_FS;
+ la = &ZAP_LEAF_CHUNK (l, blksft, chunk)->l_array;
grub_memcpy (buf + bseen,la->la_array, toread);
chunk = grub_zfs_to_cpu16 (la->la_next, endian);
bseen += toread;
--
2.27.0
- [PATCH 0/6] Fix some Coverity low-hanging bugs, Darren Kenny, 2021/10/26
- [PATCH 6/6] gzio: Fix possible use of uninitialized variable in huft_build(), Darren Kenny, 2021/10/26
- [PATCH 3/6] grub-fstest: Fix resource leaks in cmd_cmp(), Darren Kenny, 2021/10/26
- [PATCH 4/6] grub-mkfont: Fix memory leak in write_font_pf2(), Darren Kenny, 2021/10/26
- [PATCH 2/6] grub-mkrescue: Fix memory leak in write_part(), Darren Kenny, 2021/10/26
- [PATCH 1/6] grub-install-common: Fix memory leak in copy_all(), Darren Kenny, 2021/10/26
- [PATCH 5/6] zfs: Fix possible insecure use of chunk size in zap_leaf_array_get(),
Darren Kenny <=
- Re: [PATCH 0/6] Fix some Coverity low-hanging bugs, Daniel Kiper, 2021/10/28