From: Eric Snowberg <eric.snowberg@oracle.com>
Date: Wed, 14 Mar 2018 15:51:17 +0000 (-0700)
Subject: ieee1275: NULL pointer dereference in grub_machine_get_bootlocation()
X-Git-Tag: grub-2.04-rc1~180
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ceb55b7a079cdaa61437f652e90bf2d1011ad0e;p=thirdparty%2Fgrub.git

ieee1275: NULL pointer dereference in grub_machine_get_bootlocation()

Read from NULL pointer canon in function grub_machine_get_bootlocation().
Function grub_ieee1275_canonicalise_devname() may return NULL.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
index 62dfb8a3b..0d8ebf58b 100644
--- a/grub-core/kern/ieee1275/init.c
+++ b/grub-core/kern/ieee1275/init.c
@@ -110,6 +110,8 @@ grub_machine_get_bootlocation (char **device, char **path)
       char *ptr;
       dev = grub_ieee1275_get_aliasdevname (bootpath);
       canon = grub_ieee1275_canonicalise_devname (dev);
+      if (! canon)
+        return;
       ptr = canon + grub_strlen (canon) - 1;
       while (ptr > canon && (*ptr == ',' || *ptr == ':'))
 	ptr--;