Accepting request 777567 from home:michael-chang:branches:Base:System

- Fix grub hangs after loading rogue image without valid signature for uefi
  secure boot (bsc#1159102)
  * grub2-verifiers-fix-system-freeze-if-verify-failed.patch

OBS-URL: https://build.opensuse.org/request/show/777567
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=346

grub2-verifiers-fix-system-freeze-if-verify-failed.patch

@@ -0,0 +1,44 @@
+From d0de8b37f651e13886ef0e0fda285a1294adafe8 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Tue, 18 Feb 2020 18:08:18 +0800
+Subject: [PATCH] verifiers: Fix calling uninitialized function pointer
+
+The necessary check for NULL before use of function ver->close is not
+taking place in the failure path. This patch simply adds the missing
+check and fixes the problem that GRUB hangs indefinitely after booting
+rogue image without valid signature if secure boot is turned on.
+
+Now it displays like this for booting rogue UEFI image:
+
+  error: bad shim signature
+  error: you need to load the kernel first
+
+  Press any key to continue...
+
+and then you can go back to boot menu by pressing any key or after a few
+seconds expired.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/commands/verifiers.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
+index 0dde48182..7b9297cd3 100644
+--- a/grub-core/commands/verifiers.c
++++ b/grub-core/commands/verifiers.c
+@@ -196,7 +196,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
+   return ret;
+ 
+  fail:
+-  ver->close (context);
++  if (ver->close)
++    ver->close (context);
+  fail_noclose:
+   verified_free (verified);
+   grub_free (ret);
+-- 
+2.16.4
+

grub2.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Feb 18 08:43:30 UTC 2020 - Michael Chang <mchang@suse.com>
+
+- Fix grub hangs after loading rogue image without valid signature for uefi
+  secure boot (bsc#1159102)
+  * grub2-verifiers-fix-system-freeze-if-verify-failed.patch
+
 -------------------------------------------------------------------
 Tue Feb  4 07:59:40 UTC 2020 - Michael Chang <mchang@suse.com>
 

grub2.spec

@@ -223,6 +223,7 @@ Patch85:        grub2-getroot-scan-disk-pv.patch
 Patch92:        grub2-util-30_os-prober-multiple-initrd.patch
 Patch93:        grub2-getroot-support-nvdimm.patch
 Patch94:        grub2-install-fix-not-a-directory-error.patch
+Patch95:        grub2-verifiers-fix-system-freeze-if-verify-failed.patch
 # Btrfs snapshot booting related patches
 Patch101:       grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
 Patch102:       grub2-btrfs-02-export-subvolume-envvars.patch
@@ -508,6 +509,7 @@ swap partition while in resuming
 %patch92 -p1
 %patch93 -p1
 %patch94 -p1
+%patch95 -p1
 %patch101 -p1
 %patch102 -p1
 %patch103 -p1