You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
2.7 KiB
94 lines
2.7 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
|
From: Matthew Garrett <mjg59@coreos.com> |
|
Date: Tue, 14 Jul 2015 16:58:51 -0700 |
|
Subject: [PATCH] Fix race in EFI validation |
|
|
|
--- |
|
grub-core/loader/i386/efi/linux.c | 44 ++++++++++----------------------------- |
|
1 file changed, 11 insertions(+), 33 deletions(-) |
|
|
|
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c |
|
index e5b778577f9..7ccf32d9d45 100644 |
|
--- a/grub-core/loader/i386/efi/linux.c |
|
+++ b/grub-core/loader/i386/efi/linux.c |
|
@@ -154,7 +154,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
|
grub_file_t file = 0; |
|
struct linux_kernel_header lh; |
|
grub_ssize_t len, start, filelen; |
|
- void *kernel; |
|
+ void *kernel = NULL; |
|
|
|
grub_dl_ref (my_mod); |
|
|
|
@@ -191,10 +191,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
|
goto fail; |
|
} |
|
|
|
- grub_file_seek (file, 0); |
|
- |
|
- grub_free(kernel); |
|
- |
|
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); |
|
|
|
if (! params) |
|
@@ -203,15 +199,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
|
goto fail; |
|
} |
|
|
|
- memset (params, 0, 16384); |
|
+ grub_memset (params, 0, 16384); |
|
|
|
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) |
|
- { |
|
- if (!grub_errno) |
|
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), |
|
- argv[0]); |
|
- goto fail; |
|
- } |
|
+ grub_memcpy (&lh, kernel, sizeof (lh)); |
|
|
|
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) |
|
{ |
|
@@ -271,27 +261,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
|
goto fail; |
|
} |
|
|
|
- if (grub_file_seek (file, start) == (grub_off_t) -1) |
|
- { |
|
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), |
|
- argv[0]); |
|
- goto fail; |
|
- } |
|
+ grub_memcpy (kernel_mem, (char *)kernel + start, len); |
|
+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); |
|
+ loaded=1; |
|
|
|
- if (grub_file_read (file, kernel_mem, len) != len && !grub_errno) |
|
- { |
|
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), |
|
- argv[0]); |
|
- } |
|
- |
|
- if (grub_errno == GRUB_ERR_NONE) |
|
- { |
|
- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); |
|
- loaded = 1; |
|
- lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; |
|
- } |
|
- |
|
- memcpy(params, &lh, 2 * 512); |
|
+ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; |
|
+ grub_memcpy (params, &lh, 2 * 512); |
|
|
|
params->type_of_loader = 0x21; |
|
|
|
@@ -300,6 +275,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), |
|
if (file) |
|
grub_file_close (file); |
|
|
|
+ if (kernel) |
|
+ grub_free (kernel); |
|
+ |
|
if (grub_errno != GRUB_ERR_NONE) |
|
{ |
|
grub_dl_unref (my_mod);
|
|
|