rpm/grub2
SHA256
1
0
Fork 0
forked from pool/grub2
Code Pull Requests Activity

Accepting request 777567 from home:michael-chang:branches:Base:System

Browse Source 
- Fix grub hangs after loading rogue image without valid signature for uefi
  secure boot (bsc#1159102)
  * grub2-verifiers-fix-system-freeze-if-verify-failed.patch

OBS-URL: https://build.opensuse.org/request/show/777567
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=346
This commit is contained in:
Michael Chang 2020-02-20 07:21:45 +00:00 committed by Git OBS Bridge
parent 5a5b74dea6
commit 6ebf4c4807
3 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
grub2-verifiers-fix-system-freeze-if-verify-failed.patch Normal file
View File

@ -0,0 +1,44 @@
From d0de8b37f651e13886ef0e0fda285a1294adafe8 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 18 Feb 2020 18:08:18 +0800
Subject: [PATCH] verifiers: Fix calling uninitialized function pointer
The necessary check for NULL before use of function ver->close is not
taking place in the failure path. This patch simply adds the missing
check and fixes the problem that GRUB hangs indefinitely after booting
rogue image without valid signature if secure boot is turned on.
Now it displays like this for booting rogue UEFI image:
error: bad shim signature
error: you need to load the kernel first
Press any key to continue...
and then you can go back to boot menu by pressing any key or after a few
seconds expired.
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/verifiers.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
index 0dde48182..7b9297cd3 100644
--- a/grub-core/commands/verifiers.c
+++ b/grub-core/commands/verifiers.c
@@ -196,7 +196,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
return ret;
fail:
- ver->close (context);
+ if (ver->close)
+ ver->close (context);
fail_noclose:
verified_free (verified);
grub_free (ret);
--
2.16.4

7
grub2.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Feb 18 08:43:30 UTC 2020 - Michael Chang <mchang@suse.com>
- Fix grub hangs after loading rogue image without valid signature for uefi
secure boot (bsc#1159102)
* grub2-verifiers-fix-system-freeze-if-verify-failed.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 4 07:59:40 UTC 2020 - Michael Chang <mchang@suse.com> Tue Feb 4 07:59:40 UTC 2020 - Michael Chang <mchang@suse.com>

2
grub2.spec
View File

@ -223,6 +223,7 @@ Patch85: grub2-getroot-scan-disk-pv.patch
Patch92: grub2-util-30_os-prober-multiple-initrd.patch Patch92: grub2-util-30_os-prober-multiple-initrd.patch
Patch93: grub2-getroot-support-nvdimm.patch Patch93: grub2-getroot-support-nvdimm.patch
Patch94: grub2-install-fix-not-a-directory-error.patch Patch94: grub2-install-fix-not-a-directory-error.patch
Patch95: grub2-verifiers-fix-system-freeze-if-verify-failed.patch
# Btrfs snapshot booting related patches # Btrfs snapshot booting related patches
Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch Patch101: grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
Patch102: grub2-btrfs-02-export-subvolume-envvars.patch Patch102: grub2-btrfs-02-export-subvolume-envvars.patch
@ -508,6 +509,7 @@ swap partition while in resuming
%patch92 -p1 %patch92 -p1
%patch93 -p1 %patch93 -p1
%patch94 -p1 %patch94 -p1
%patch95 -p1
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
%patch103 -p1 %patch103 -p1