From: Andrew Hamilton <adhamilt@gmail.com>
Date: Thu, 22 May 2025 03:20:41 +0000 (-0500)
Subject: fs/fshelp: Avoid possible NULL pointer deference
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b71bc0f8b4d62bdb04cedc44cb0864616a11d90f;p=thirdparty%2Fgrub.git

fs/fshelp: Avoid possible NULL pointer deference

Avoid attempting to defererence a NULL pointer to call read_symlink() when
the given filesystem does not provide a read_symlink() function. This could
be triggered if the calling filesystem had a file marked as a symlink.
This appears possible for HFS and was observed during fuzzing of NTFS.

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/fs/fshelp.c b/grub-core/fs/fshelp.c
index cb41934b4..15278fb80 100644
--- a/grub-core/fs/fshelp.c
+++ b/grub-core/fs/fshelp.c
@@ -226,7 +226,10 @@ find_file (char *currpath,
 	    return grub_error (GRUB_ERR_SYMLINK_LOOP,
 			       N_("too deep nesting of symlinks"));
 
-	  symlink = read_symlink (ctx->currnode->node);
+	  if (read_symlink != NULL)
+	    symlink = read_symlink (ctx->currnode->node);
+	  else
+	    return grub_error (GRUB_ERR_BAD_FS, "read_symlink is NULL");
 
 	  if (!symlink)
 	    return grub_errno;