From 24d5934daa37b3f9c5857945a93fa68ac9c308a2 Mon Sep 17 00:00:00 2001 From: Jon McCune Date: Fri, 13 Dec 2013 08:47:12 -0800 Subject: [PATCH] Fix double-free introduced by commit 33d02a42d64cf06cada1c389e5abba4b9d196cc5 To reproduce the problem, make sure you have a GPG public key available, build and install GRUB: grub-install --debug --debug-image="all" --pubkey=/boot/pubkey.gpg --modules="serial terminfo gzio search search_label search_fs_uuid search_fs_file linux vbe video_fb video mmap relocator verify gcry_rsa gcry_dsa gcry_sha256 hashsum gcry_sha1 mpi echo loadenv boottime" /dev/sda Sign all the files in /boot/grub/* and reboot. 'make check' results identical before and after this change. TESTED: In a QEMU VM using an i386 target. --- ChangeLog | 4 ++++ grub-core/commands/verify.c | 1 + grub-core/io/gzio.c | 1 + grub-core/io/lzopio.c | 1 + grub-core/io/xzio.c | 1 + 5 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index c8bf716b0..9895a2fb3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2013-12-17 Jon McCune + + Fix double-free introduced by commit 33d02a42d64cf06cada1c389 + 2013-12-17 Vladimir Serbinenko Unify message for unsupported relocation. diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c index 85a72d65f..87c6d4f2c 100644 --- a/grub-core/commands/verify.c +++ b/grub-core/commands/verify.c @@ -885,6 +885,7 @@ grub_pubkey_open (grub_file_t io, const char *filename) if (err) return NULL; io->device = 0; + io->name = 0; grub_file_close (io); return ret; } diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c index 6327fda35..aec798f59 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -1275,6 +1275,7 @@ grub_gzio_close (grub_file_t file) /* No need to close the same device twice. */ file->device = 0; + file->name = 0; return grub_errno; } diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c index b1ce26029..de2ea6778 100644 --- a/grub-core/io/lzopio.c +++ b/grub-core/io/lzopio.c @@ -525,6 +525,7 @@ grub_lzopio_close (grub_file_t file) /* Device must not be closed twice. */ file->device = 0; + file->name = 0; return grub_errno; } diff --git a/grub-core/io/xzio.c b/grub-core/io/xzio.c index e57f8019e..a3536ad73 100644 --- a/grub-core/io/xzio.c +++ b/grub-core/io/xzio.c @@ -319,6 +319,7 @@ grub_xzio_close (grub_file_t file) /* Device must not be closed twice. */ file->device = 0; + file->name = 0; return grub_errno; }