grub/grub-core/gfxmenu/gui_string_util.c
Peter Jones f725fa7cb2 calloc: Use calloc() at most places
This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00

206 lines
5.5 KiB
C

/* gui_string_util.c - String utilities used by the GUI system. */
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2008,2009 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/gui_string_util.h>
#include <grub/types.h>
#include <grub/misc.h>
#include <grub/mm.h>
/* Create a new NUL-terminated string on the heap as a substring of BUF.
The range of buf included is the half-open interval [START,END).
The index START is inclusive, END is exclusive. */
char *
grub_new_substring (const char *buf,
grub_size_t start, grub_size_t end)
{
if (end < start)
return 0;
grub_size_t len = end - start;
char *s = grub_malloc (len + 1);
if (! s)
return 0;
grub_memcpy (s, buf + start, len);
s[len] = '\0';
return s;
}
/* Eliminate "." and ".." path elements from PATH. A new heap-allocated
string is returned. */
static char *
canonicalize_path (const char *path)
{
int i;
const char *p;
char *newpath = 0;
/* Count the path components in path. */
int components = 1;
for (p = path; *p; p++)
if (*p == '/')
components++;
char **path_array = grub_calloc (components, sizeof (*path_array));
if (! path_array)
return 0;
/* Initialize array elements to NULL pointers; in case once of the
allocations fails, the cleanup code can just call grub_free() for all
pointers in the array. */
for (i = 0; i < components; i++)
path_array[i] = 0;
/* Parse the path into path_array. */
p = path;
for (i = 0; i < components && p; i++)
{
/* Find the end of the path element. */
const char *end = grub_strchr (p, '/');
if (!end)
end = p + grub_strlen (p);
/* Copy the element. */
path_array[i] = grub_new_substring (p, 0, end - p);
if (! path_array[i])
goto cleanup;
/* Advance p to point to the start of the next element, or NULL. */
if (*end)
p = end + 1;
else
p = 0;
}
/* Eliminate '.' and '..' elements from the path array. */
int newpath_length = 0;
for (i = components - 1; i >= 0; --i)
{
if (! grub_strcmp (path_array[i], "."))
{
grub_free (path_array[i]);
path_array[i] = 0;
}
else if (! grub_strcmp (path_array[i], "..")
&& i > 0)
{
/* Delete the '..' and the prior path element. */
grub_free (path_array[i]);
path_array[i] = 0;
--i;
grub_free (path_array[i]);
path_array[i] = 0;
}
else
{
newpath_length += grub_strlen (path_array[i]) + 1;
}
}
/* Construct a new path string. */
newpath = grub_malloc (newpath_length + 1);
if (! newpath)
goto cleanup;
newpath[0] = '\0';
char *newpath_end = newpath;
int first = 1;
for (i = 0; i < components; i++)
{
char *element = path_array[i];
if (element)
{
/* For all components but the first, prefix with a slash. */
if (! first)
newpath_end = grub_stpcpy (newpath_end, "/");
newpath_end = grub_stpcpy (newpath_end, element);
first = 0;
}
}
cleanup:
for (i = 0; i < components; i++)
grub_free (path_array[i]);
grub_free (path_array);
return newpath;
}
/* Return a new heap-allocated string representing to absolute path
to the file referred to by PATH. If PATH is an absolute path, then
the returned path is a copy of PATH. If PATH is a relative path, then
BASE is with PATH used to construct the absolute path. */
char *
grub_resolve_relative_path (const char *base, const char *path)
{
char *abspath;
char *canonpath;
char *p;
grub_size_t l;
/* If PATH is an absolute path, then just use it as is. */
if (path[0] == '/' || path[0] == '(')
return canonicalize_path (path);
abspath = grub_malloc (grub_strlen (base) + grub_strlen (path) + 3);
if (! abspath)
return 0;
/* Concatenate BASE and PATH. */
p = grub_stpcpy (abspath, base);
l = grub_strlen (abspath);
if (l == 0 || abspath[l-1] != '/')
{
*p = '/';
p++;
*p = 0;
}
grub_stpcpy (p, path);
canonpath = canonicalize_path (abspath);
if (! canonpath)
return abspath;
grub_free (abspath);
return canonpath;
}
/* Get the path of the directory where the file at FILE_PATH is located.
FILE_PATH should refer to a file, not a directory. The returned path
includes a trailing slash.
This does not handle GRUB "(hd0,0)" paths properly yet since it only
looks at slashes. */
char *
grub_get_dirname (const char *file_path)
{
int i;
int last_slash;
last_slash = -1;
for (i = grub_strlen (file_path) - 1; i >= 0; --i)
{
if (file_path[i] == '/')
{
last_slash = i;
break;
}
}
if (last_slash == -1)
return grub_strdup ("/");
return grub_new_substring (file_path, 0, last_slash + 1);
}