diff options
author | Darren Kenny <darren.kenny@oracle.com> | 2022-03-16 17:25:05 +0000 |
---|---|---|
committer | Daniel Kiper <daniel.kiper@oracle.com> | 2022-03-21 19:41:37 +0100 |
commit | 62f0489aff002a44a72d390b42fc571e91378838 (patch) | |
tree | 74031b8d106c48002d020c70d3d7f44029a33c5e | |
parent | 8541f319cb840abae054f78757aeddb41b4711a6 (diff) | |
download | grub-62f0489aff002a44a72d390b42fc571e91378838.tar.gz |
kern/rescue_parser: Ensure that parser allocated memory is not leaked
While it would appear unlikely that the memory allocated in *argv in
grub_parser_split_cmdline() would be leaked, we should try ensure that
it doesn't leak by calling grub_free() before we return from
grub_rescue_parse_line().
To avoid a possible double-free, grub_parser_split_cmdline() is being
changed to assign *argv = NULL when we've called grub_free() in the fail
section.
Fixes: CID 96680
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-rw-r--r-- | grub-core/kern/parser.c | 2 | ||||
-rw-r--r-- | grub-core/kern/rescue_parser.c | 10 |
2 files changed, 10 insertions, 2 deletions
diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c index 6ab7aa427..9b7b31a51 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -298,6 +298,8 @@ grub_parser_split_cmdline (const char *cmdline, fail: grub_free (*argv); + *argv = NULL; + *argc = 0; goto out; } diff --git a/grub-core/kern/rescue_parser.c b/grub-core/kern/rescue_parser.c index 633836699..799641a03 100644 --- a/grub-core/kern/rescue_parser.c +++ b/grub-core/kern/rescue_parser.c @@ -36,10 +36,16 @@ grub_rescue_parse_line (char *line, if (grub_parser_split_cmdline (line, getline, getline_data, &n, &args) || n < 0) - return grub_errno; + { + grub_free(args); + return grub_errno; + } if (n == 0) - return GRUB_ERR_NONE; + { + grub_free(args); + return GRUB_ERR_NONE; + } /* In case of an assignment set the environment accordingly instead of calling a function. */ |