From: Lidong Chen <lidong.chen@oracle.com>
Date: Wed, 3 May 2023 17:32:19 +0000 (+0000)
Subject: fs/hfsplus: Set grub_errno to prevent NULL pointer access
X-Git-Tag: grub-2.12-rc1~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61b13c187;p=thirdparty%2Fgrub.git

fs/hfsplus: Set grub_errno to prevent NULL pointer access

When an invalid node size is detected in grub_hfsplus_mount(), data
pointer is freed. Thus, file->data is not set. The code should also
set the grub_errno when that happens to indicate an error and to avoid
accessing the uninitialized file->data in grub_file_close().

Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
index a2ae9486e..295822f69 100644
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@@ -357,7 +357,10 @@ grub_hfsplus_mount (grub_disk_t disk)
 			  (header.key_compare == GRUB_HFSPLUSX_BINARYCOMPARE));
 
   if (data->catalog_tree.nodesize < 2)
-    goto fail;
+    {
+      grub_error (GRUB_ERR_BAD_FS, "invalid catalog node size");
+      goto fail;
+    }
 
   if (grub_hfsplus_read_file (&data->extoverflow_tree.file, 0, 0,
 			      sizeof (struct grub_hfsplus_btnode),
@@ -374,7 +377,10 @@ grub_hfsplus_mount (grub_disk_t disk)
   data->extoverflow_tree.nodesize = grub_be_to_cpu16 (header.nodesize);
 
   if (data->extoverflow_tree.nodesize < 2)
-    goto fail;
+    {
+      grub_error (GRUB_ERR_BAD_FS, "invalid extents overflow node size");
+      goto fail;
+    }
 
   data->extoverflow_tree_ready = 1;