From 004a2b1efdd782cf946387d2060ad9250d61c435 Mon Sep 17 00:00:00 2001 From: Leif Lindholm Date: Mon, 17 Nov 2014 14:11:01 +0000 Subject: [PATCH] efi: check *path non-null before grub_strrchr The EFI version of grub_machine_get_bootlocation crops the boot image name back to the last / in order to get a directory path. However, it does not check that *name is actually set before calling grub_strrchr to do this, and neither does grub_strrchr before dereferencing a NULL pointer. Parent function, grub_set_prefix_and_root, does check the pointer before using. --- ChangeLog | 5 +++++ grub-core/kern/efi/init.c | 11 +++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 87faadf48..07d06465d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2014-01-07 Leif Lindholm + + * grub-core/kern/efi/init.c: check value of *path before + dereferencing. + 2014-11-03 Michael Chang * grub-core/net/icmp6.c (grub_net_recv_icmp6_packet): Fix size diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c index 942ab0256..e9c85de12 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -63,10 +63,13 @@ grub_machine_get_bootlocation (char **device, char **path) if (!*device && grub_efi_net_config) grub_efi_net_config (image->device_handle, device, path); - /* Get the directory. */ - p = grub_strrchr (*path, '/'); - if (p) - *p = '\0'; + if (*path) + { + /* Get the directory. */ + p = grub_strrchr (*path, '/'); + if (p) + *p = '\0'; + } } void