grub/grub-core
Chris Coulson dc052e5ac7 json: Avoid a double-free when parsing fails.
When grub_json_parse() succeeds, it returns the root object which
contains a pointer to the provided JSON string. Callers are
responsible for ensuring that this string outlives the root
object and for freeing its memory when it's no longer needed.

If grub_json_parse() fails to parse the provided JSON string,
it frees the string before returning an error. This results
in a double free in luks2_recover_key(), which also frees the
same string after grub_json_parse() returns an error.

This changes grub_json_parse() to never free the JSON string
passed to it, and updates the documentation for it to make it
clear that callers are responsible for ensuring that the string
outlives the root JSON object.

Fixes: CID 292465

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:48 +02:00
..
boot A workaround for clang problem assembling startup_raw.S 2019-04-08 15:22:10 +10:00
bus calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
commands malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
disk malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
efiemu calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
font font: Do not load more than one NAME section 2020-07-29 16:55:48 +02:00
fs iso9660: Don't leak memory on realloc() failures 2020-07-29 16:55:48 +02:00
gdb i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
gettext verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gfxmenu gfxmenu: Fix double free in load_image() 2020-07-29 16:55:48 +02:00
hello * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
hook * grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic 2011-11-11 21:03:49 +01:00
io calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
kern calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
lib json: Avoid a double-free when parsing fails. 2020-07-29 16:55:48 +02:00
loader xnu: Fix double free in grub_xnu_devprop_add_property() 2020-07-29 16:55:48 +02:00
mmap calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
net malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
normal malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
osdep calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
partmap calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
parttool * grub-core/net/http.c: Add TRANSLATORS comments. 2012-03-05 16:42:26 +01:00
script malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
term efi/console: Do not set text-mode until we actually need it 2020-04-21 22:13:14 +02:00
tests calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
video malloc: Use overflow checking primitives where we do complex allocations 2020-07-29 16:55:47 +02:00
gdb_grub.in * grub-core/gdb_grub.in: Fix overflow and wrong field. 2013-10-14 03:40:20 +02:00
genemuinit.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genemuinitheader.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genmod.sh.in .mod files: Strip annobin annotations and .eh_frame, and their relocations 2018-03-05 14:08:22 +01:00
genmoddep.awk enforcing fixup 2017-08-14 16:27:10 +02:00
gensyminfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00
gensymlist.sh Make 'make check' work on emu. 2013-04-27 02:00:16 +02:00
gentrigtables.c * grub-core/gentrigtables.c: Make tables const. 2013-03-01 11:15:09 +01:00
gmodule.pl.in * grub-core/gmodule.pl.in: Accept newer binutils which output 2014-09-21 18:23:23 +02:00
Makefile.am RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
Makefile.core.def tpm: Enable module for all EFI platforms 2020-05-25 14:50:42 +02:00
modinfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00