]> git.ipfire.org Git - thirdparty/grub.git/commitdiff
projects / thirdparty / grub.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0bf56bc)
commands/pgp: Unregister the "check_signatures" hooks on module unload
authorB Horn <b@horn.uk>
Fri, 1 Nov 2024 19:24:29 +0000 (19:24 +0000)
committerDaniel Kiper <daniel.kiper@oracle.com>
Thu, 13 Feb 2025 14:45:55 +0000 (15:45 +0100)
If the hooks are not removed they can be called after the module has
been unloaded leading to an use-after-free.

Fixes: CVE-2025-0622
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/commands/pgp.c patch | blob | blame | history

diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
index c6766f044aaa62d87fb868a1014b282870edc426..5fadc33c4131a0562044222881b593ec52aef0ab 100644 (file)
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
 
 GRUB_MOD_FINI(pgp)
 {
+  grub_register_variable_hook ("check_signatures", NULL, NULL);
+  grub_env_unset ("check_signatures");
   grub_verifier_unregister (&grub_pubkey_verifier);
   grub_unregister_extcmd (cmd);
   grub_unregister_extcmd (cmd_trust);
Mirror of https://git.savannah.gnu.org/git/grub.git