From 61b13c187c9f2ef4dc2f1b450ff5de4008f28a50 Mon Sep 17 00:00:00 2001 From: Lidong Chen Date: Wed, 3 May 2023 17:32:19 +0000 Subject: [PATCH] fs/hfsplus: Set grub_errno to prevent NULL pointer access When an invalid node size is detected in grub_hfsplus_mount(), data pointer is freed. Thus, file->data is not set. The code should also set the grub_errno when that happens to indicate an error and to avoid accessing the uninitialized file->data in grub_file_close(). Signed-off-by: Lidong Chen Reviewed-by: Daniel Kiper --- grub-core/fs/hfsplus.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c index a2ae9486e..295822f69 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -357,7 +357,10 @@ grub_hfsplus_mount (grub_disk_t disk) (header.key_compare == GRUB_HFSPLUSX_BINARYCOMPARE)); if (data->catalog_tree.nodesize < 2) - goto fail; + { + grub_error (GRUB_ERR_BAD_FS, "invalid catalog node size"); + goto fail; + } if (grub_hfsplus_read_file (&data->extoverflow_tree.file, 0, 0, sizeof (struct grub_hfsplus_btnode), @@ -374,7 +377,10 @@ grub_hfsplus_mount (grub_disk_t disk) data->extoverflow_tree.nodesize = grub_be_to_cpu16 (header.nodesize); if (data->extoverflow_tree.nodesize < 2) - goto fail; + { + grub_error (GRUB_ERR_BAD_FS, "invalid extents overflow node size"); + goto fail; + } data->extoverflow_tree_ready = 1; -- 2.47.2