json: Avoid a double-free when parsing fails.

When grub_json_parse() succeeds, it returns the root object which
contains a pointer to the provided JSON string. Callers are
responsible for ensuring that this string outlives the root
object and for freeing its memory when it's no longer needed.

If grub_json_parse() fails to parse the provided JSON string,
it frees the string before returning an error. This results
in a double free in luks2_recover_key(), which also frees the
same string after grub_json_parse() returns an error.

This changes grub_json_parse() to never free the JSON string
passed to it, and updates the documentation for it to make it
clear that callers are responsible for ensuring that the string
outlives the root JSON object.

Fixes: CID 292465

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Chris Coulson 2020-07-09 19:04:43 +01:00 committed by Daniel Kiper
parent 6d7a59a2a1
commit dc052e5ac7
2 changed files with 7 additions and 7 deletions

View file

@ -71,12 +71,9 @@ grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len)
*out = json;
err:
if (ret && json)
{
grub_free (json->string);
grub_free (json->tokens);
grub_free (json);
}
if (ret)
grub_json_free (json);
return ret;
}

View file

@ -50,7 +50,10 @@ typedef struct grub_json grub_json_t;
* Parse a JSON-encoded string. Note that the string passed to
* this function will get modified on subsequent calls to
* grub_json_get*(). Returns the root object of the parsed JSON
* object, which needs to be free'd via grub_json_free().
* object, which needs to be free'd via grub_json_free(). Callers
* must ensure that the string outlives the returned root object,
* and that child objects must not be used after the root object
* has been free'd.
*/
extern grub_err_t EXPORT_FUNC(grub_json_parse) (grub_json_t **out,
char *string,