When grub_json_parse() succeeds, it returns the root object which
contains a pointer to the provided JSON string. Callers are
responsible for ensuring that this string outlives the root
object and for freeing its memory when it's no longer needed.
If grub_json_parse() fails to parse the provided JSON string,
it frees the string before returning an error. This results
in a double free in luks2_recover_key(), which also frees the
same string after grub_json_parse() returns an error.
This changes grub_json_parse() to never free the JSON string
passed to it, and updates the documentation for it to make it
clear that callers are responsible for ensuring that the string
outlives the root JSON object.
Fixes: CID 292465
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
*out = json;
err:
- if (ret && json)
- {
- grub_free (json->string);
- grub_free (json->tokens);
- grub_free (json);
- }
+ if (ret)
+ grub_json_free (json);
+
return ret;
}
* Parse a JSON-encoded string. Note that the string passed to
* this function will get modified on subsequent calls to
* grub_json_get*(). Returns the root object of the parsed JSON
- * object, which needs to be free'd via grub_json_free().
+ * object, which needs to be free'd via grub_json_free(). Callers
+ * must ensure that the string outlives the returned root object,
+ * and that child objects must not be used after the root object
+ * has been free'd.
*/
extern grub_err_t EXPORT_FUNC(grub_json_parse) (grub_json_t **out,
char *string,
projects / thirdparty / grub.git / commitdiff
