8e2eae8e3f
- Security fixes for 2024 * 0001-misc-Implement-grub_strlcpy.patch - Fix CVE-2024-45781 (bsc#1233617) * 0002-fs-ufs-Fix-a-heap-OOB-write.patch - Fix CVE-2024-56737 (bsc#1234958) - Fix CVE-2024-45782 (bsc#1233615) * 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch - Fix CVE-2024-45780 (bsc#1233614) * 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch - Fix CVE-2024-45783 (bsc#1233616) * 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch * 0006-kern-file-Ensure-file-data-is-set.patch * 0007-kern-file-Implement-filesystem-reference-counting.patch - Fix CVE-2025-0624 (bsc#1236316) * 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch - Fix CVE-2024-45774 (bsc#1233609) * 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch - Fix CVE-2024-45775 (bsc#1233610) * 0010-commands-extcmd-Missing-check-for-failed-allocation.patch - Fix CVE-2025-0622 (bsc#1236317) * 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch - Fix CVE-2025-0622 (bsc#1236317) * 0012-normal-Remove-variables-hooks-on-module-unload.patch - Fix CVE-2025-0622 (bsc#1236317) * 0013-gettext-Remove-variables-hooks-on-module-unload.patch - Fix CVE-2024-45776 (bsc#1233612) * 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch - Fix CVE-2024-45777 (bsc#1233613) * 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch - Fix CVE-2025-0690 (bsc#1237012) OBS-URL: https://build.opensuse.org/request/show/1246819 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=528
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From 07482c2ab034df5069761319e4969551c3dcc6e1 Mon Sep 17 00:00:00 2001
|
|
From: B Horn <b@horn.uk>
|
|
Date: Sun, 12 May 2024 03:01:40 +0100
|
|
Subject: [PATCH 06/20] kern/file: Ensure file->data is set
|
|
|
|
This is to avoid a generic issue were some filesystems would not set
|
|
data and also not set a grub_errno. This meant it was possible for many
|
|
filesystems to grub_dl_unref() themselves multiple times resulting in
|
|
it being possible to unload the filesystems while there were still
|
|
references to them, e.g., via a loopback.
|
|
|
|
Reported-by: B Horn <b@horn.uk>
|
|
Signed-off-by: B Horn <b@horn.uk>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/kern/file.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
|
|
index 750177248f..e990507fca 100644
|
|
--- a/grub-core/kern/file.c
|
|
+++ b/grub-core/kern/file.c
|
|
@@ -114,6 +114,9 @@ grub_file_open (const char *name, enum grub_file_type type)
|
|
if ((file->fs->fs_open) (file, file_name) != GRUB_ERR_NONE)
|
|
goto fail;
|
|
|
|
+ if (file->data == NULL)
|
|
+ goto fail;
|
|
+
|
|
file->name = grub_strdup (name);
|
|
grub_errno = GRUB_ERR_NONE;
|
|
|
|
--
|
|
2.48.1
|
|
|