From: Eric Snowberg <eric.snowberg@oracle.com>
Date: Tue, 2 Apr 2019 16:40:31 +0000 (-0700)
Subject: ieee1275: NULL pointer dereference in grub_ieee1275_encode_devname()
X-Git-Tag: grub-2.04-rc1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f1b648b4531cb5ae94fbeaba3fe37e496fbcad4;p=thirdparty%2Fgrub.git

ieee1275: NULL pointer dereference in grub_ieee1275_encode_devname()

Function grub_strndup() may return NULL, this is called from
function grub_ieee1275_get_devname() which is then called from
function grub_ieee1275_encode_devname() to set device. The device
variable could then be used with a NULL pointer.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c
index 62929d983..4d493ab76 100644
--- a/grub-core/kern/ieee1275/openfw.c
+++ b/grub-core/kern/ieee1275/openfw.c
@@ -479,6 +479,9 @@ grub_ieee1275_encode_devname (const char *path)
   char *optr;
   const char *iptr;
 
+  if (! device)
+    return 0;
+
   encoding = grub_malloc (sizeof ("ieee1275/") + 2 * grub_strlen (device)
 			  + sizeof (",XXXXXXXXXXXX"));
   if (!encoding)