vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

calloc: Use calloc() at most places

Browse source 
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones 2020-06-15 12:26:01 -04:00 committed by Daniel Kiper
parent 64e26162eb
commit f725fa7cb2
87 changed files with 179 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

2
util/getroot.c
View file

@ -200,7 +200,7 @@ make_device_name (const char *drive)
char *ret, *ptr;
const char *iptr;
ret = xmalloc (strlen (drive) * 2);
ret = xcalloc (2, strlen (drive));
ptr = ret;
for (iptr = drive; *iptr; iptr++)
{

2
util/grub-file.c
View file

@ -54,7 +54,7 @@ main (int argc, char *argv[])
grub_util_host_init (&argc, &argv);
argv2 = xmalloc (argc * sizeof (argv2[0]));
argv2 = xcalloc (argc, sizeof (argv2[0]));
if (argc == 2 && strcmp (argv[1], "--version") == 0)
{

4
util/grub-fstest.c
View file

@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state)
if (args_count < num_disks)
{
if (args_count == 0)
images = xmalloc (num_disks * sizeof (images[0]));
images = xcalloc (num_disks, sizeof (images[0]));
images[args_count] = grub_canonicalize_file_name (arg);
args_count++;
return 0;
@ -734,7 +734,7 @@ main (int argc, char *argv[])
grub_util_host_init (&argc, &argv);
args = xmalloc (argc * sizeof (args[0]));
args = xcalloc (argc, sizeof (args[0]));
argp_parse (&argp, argc, argv, 0, 0, 0);

2
util/grub-install-common.c
View file

@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val,
il->n_entries++;
}
il->n_alloc = il->n_entries + 1;
il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0]));
il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0]));
ptr = val;
for (ce = il->entries; ; ce++)
{

4
util/grub-install.c
View file

@ -634,7 +634,7 @@ device_map_check_duplicates (const char *dev_map)
if (! fp)
return;
d = xmalloc (alloced * sizeof (d[0]));
d = xcalloc (alloced, sizeof (d[0]));
while (fgets (buf, sizeof (buf), fp))
{
@ -1268,7 +1268,7 @@ main (int argc, char *argv[])
ndev++;
}
grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1));
grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0]));
for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++,
curdrive++)

6
util/grub-mkimagexx.c
View file

@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path,
+ grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize);
smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset);
smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections);
memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections);
smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections);
memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections);
smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs));
smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs));
SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target);

4
util/grub-mkrescue.c
View file

@ -441,8 +441,8 @@ main (int argc, char *argv[])
xorriso = xstrdup ("xorriso");
label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2");
argp_argv = xmalloc (sizeof (argp_argv[0]) * argc);
xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc);
argp_argv = xcalloc (argc, sizeof (argp_argv[0]));
xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0]));
xorriso_tail_argc = 0;
/* Program name */

2
util/grub-mkstandalone.c
View file

@ -296,7 +296,7 @@ main (int argc, char *argv[])
grub_util_host_init (&argc, &argv);
grub_util_disable_fd_syncs ();
files = xmalloc ((argc + 1) * sizeof (files[0]));
files = xcalloc (argc + 1, sizeof (files[0]));
argp_parse (&argp, argc, argv, 0, 0, 0);

12
util/grub-pe2elf.c
View file

@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image,
char *pe_strtab = (image + pe_chdr->symtab_offset
+ pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol));
section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int));
section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int));
section_map[0] = 0;
shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0]));
shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0]));
idx = 1;
idx_reloc = pe_chdr->num_sections + 1;
@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image,
pe_sec = pe_shdr + shdr[i].sh_link;
pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset);
rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t));
rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t));
num_rels = 0;
modified = 0;
@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image,
pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset);
pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols);
symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) *
sizeof (Elf_Sym));
memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym));
symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym));
num_syms = 1;
symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int));
symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int));
for (i = 0; i < (int) pe_chdr->num_symbols;
i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1)

4
util/grub-probe.c
View file

@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim)
grub_util_pull_device (*curdev);
ndev++;
}
drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1));
drives_names = xcalloc (ndev + 1, sizeof (drives_names[0]));
for (curdev = device_names, curdrive = drives_names; *curdev; curdev++,
curdrive++)