git.ipfire.org Git - thirdparty/grub.git/commit

author	Andrei Borzenkov <arvidjaar@gmail.com>
	Fri, 5 Dec 2014 18:17:08 +0000 (21:17 +0300)
committer	Andrei Borzenkov <arvidjaar@gmail.com>
	Fri, 5 Dec 2014 18:17:08 +0000 (21:17 +0300)
commit	ebb3d958aa2e1af8993c77018436bb14bec600b4
tree	d654a10731207a92822309869c9f939f00a954e7	tree
parent	272e0466da16d0f8ce782895de4189c1585de9f3	commit \| diff

fix memory corruption in pubkey filter over network

grub_pubkey_open closed original file after it was read; it set
io->device to NULL to prevent grub_file_close from trying to close device.
But network device itself is stacked (net -> bufio); and bufio preserved
original netfs file which hold reference to device. grub_file_close(io)
called grub_bufio_close which called grub_file_close for original file.
grub_file_close(netfs-file) now also called grub_device_close which
freed file->device->net. So file structure returned by grub_pubkey_open
now had device->net pointed to freed memory. When later file was closed,
it was attempted to be freed again.

Change grub_pubkey_open to behave like other filters - preserve original
parent file and pass grub_file_close down to parent. In this way only the
original file will close device. We really need to move this logic into
core instead.

Also plug memory leaks in error paths on the way.

Reported-By: Robert Kliewer <robert.kliewer@gmail.com>
Closes: bug #43601

ChangeLog		diff \| blob \| blame \| history
grub-core/commands/verify.c		diff \| blob \| blame \| history