json: Avoid a double-free when parsing fails.
When grub_json_parse() succeeds, it returns the root object which contains a pointer to the provided JSON string. Callers are responsible for ensuring that this string outlives the root object and for freeing its memory when it's no longer needed. If grub_json_parse() fails to parse the provided JSON string, it frees the string before returning an error. This results in a double free in luks2_recover_key(), which also frees the same string after grub_json_parse() returns an error. This changes grub_json_parse() to never free the JSON string passed to it, and updates the documentation for it to make it clear that callers are responsible for ensuring that the string outlives the root JSON object. Fixes: CID 292465 Signed-off-by: Chris Coulson <chris.coulson@canonical.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
parent
6d7a59a2a1
commit
dc052e5ac7
2 changed files with 7 additions and 7 deletions
|
@ -71,12 +71,9 @@ grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len)
|
|||
*out = json;
|
||||
|
||||
err:
|
||||
if (ret && json)
|
||||
{
|
||||
grub_free (json->string);
|
||||
grub_free (json->tokens);
|
||||
grub_free (json);
|
||||
}
|
||||
if (ret)
|
||||
grub_json_free (json);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
@ -50,7 +50,10 @@ typedef struct grub_json grub_json_t;
|
|||
* Parse a JSON-encoded string. Note that the string passed to
|
||||
* this function will get modified on subsequent calls to
|
||||
* grub_json_get*(). Returns the root object of the parsed JSON
|
||||
* object, which needs to be free'd via grub_json_free().
|
||||
* object, which needs to be free'd via grub_json_free(). Callers
|
||||
* must ensure that the string outlives the returned root object,
|
||||
* and that child objects must not be used after the root object
|
||||
* has been free'd.
|
||||
*/
|
||||
extern grub_err_t EXPORT_FUNC(grub_json_parse) (grub_json_t **out,
|
||||
char *string,
|
||||
|
|
Loading…
Reference in a new issue