grub/grub-core/script
Chris Coulson 426f57383d script: Avoid a use-after-free when redefining a function during execution
Defining a new function with the same name as a previously defined
function causes the grub_script and associated resources for the
previous function to be freed. If the previous function is currently
executing when a function with the same name is defined, this results
in use-after-frees when processing subsequent commands in the original
function.

Instead, reject a new function definition if it has the same name as
a previously defined function, and that function is currently being
executed. Although a behavioural change, this should be backwards
compatible with existing configurations because they can't be
dependent on the current behaviour without being broken.

Fixes: CVE-2020-15706

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
..
argv.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
execute.c script: Avoid a use-after-free when redefining a function during execution 2020-07-29 16:55:48 +02:00
function.c script: Avoid a use-after-free when redefining a function during execution 2020-07-29 16:55:48 +02:00
lexer.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
main.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
parser.y script: Avoid a use-after-free when redefining a function during execution 2020-07-29 16:55:48 +02:00
script.c Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
yylex.l yylex: Make lexer fatal errors actually be fatal 2020-07-29 16:55:47 +02:00