|
|
a85e8e |
From b0c5ad48da4ee57aa56755bf0a38671de7e0dfc1 Mon Sep 17 00:00:00 2001
|
|
|
a85e8e |
From: Matthew Garrett <mjg59@coreos.com>
|
|
|
a85e8e |
Date: Tue, 14 Jul 2015 16:58:51 -0700
|
|
|
a85e8e |
Subject: [PATCH 215/260] Fix race in EFI validation
|
|
|
a85e8e |
|
|
|
a85e8e |
---
|
|
|
a85e8e |
grub-core/loader/i386/efi/linux.c | 44 ++++++++++-----------------------------
|
|
|
a85e8e |
1 file changed, 11 insertions(+), 33 deletions(-)
|
|
|
a85e8e |
|
|
|
a85e8e |
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
|
|
|
a85e8e |
index e5b778577..7ccf32d9d 100644
|
|
|
a85e8e |
--- a/grub-core/loader/i386/efi/linux.c
|
|
|
a85e8e |
+++ b/grub-core/loader/i386/efi/linux.c
|
|
|
a85e8e |
@@ -154,7 +154,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
|
|
a85e8e |
grub_file_t file = 0;
|
|
|
a85e8e |
struct linux_kernel_header lh;
|
|
|
a85e8e |
grub_ssize_t len, start, filelen;
|
|
|
a85e8e |
- void *kernel;
|
|
|
a85e8e |
+ void *kernel = NULL;
|
|
|
a85e8e |
|
|
|
a85e8e |
grub_dl_ref (my_mod);
|
|
|
a85e8e |
|
|
|
a85e8e |
@@ -191,10 +191,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
|
|
a85e8e |
goto fail;
|
|
|
a85e8e |
}
|
|
|
a85e8e |
|
|
|
a85e8e |
- grub_file_seek (file, 0);
|
|
|
a85e8e |
-
|
|
|
a85e8e |
- grub_free(kernel);
|
|
|
a85e8e |
-
|
|
|
a85e8e |
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
|
|
|
a85e8e |
|
|
|
a85e8e |
if (! params)
|
|
|
a85e8e |
@@ -203,15 +199,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
|
|
a85e8e |
goto fail;
|
|
|
a85e8e |
}
|
|
|
a85e8e |
|
|
|
a85e8e |
- memset (params, 0, 16384);
|
|
|
a85e8e |
+ grub_memset (params, 0, 16384);
|
|
|
a85e8e |
|
|
|
a85e8e |
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
|
|
|
a85e8e |
- {
|
|
|
a85e8e |
- if (!grub_errno)
|
|
|
a85e8e |
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
|
a85e8e |
- argv[0]);
|
|
|
a85e8e |
- goto fail;
|
|
|
a85e8e |
- }
|
|
|
a85e8e |
+ grub_memcpy (&lh, kernel, sizeof (lh));
|
|
|
a85e8e |
|
|
|
a85e8e |
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
|
|
|
a85e8e |
{
|
|
|
a85e8e |
@@ -271,27 +261,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
|
|
a85e8e |
goto fail;
|
|
|
a85e8e |
}
|
|
|
a85e8e |
|
|
|
a85e8e |
- if (grub_file_seek (file, start) == (grub_off_t) -1)
|
|
|
a85e8e |
- {
|
|
|
a85e8e |
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
|
a85e8e |
- argv[0]);
|
|
|
a85e8e |
- goto fail;
|
|
|
a85e8e |
- }
|
|
|
a85e8e |
+ grub_memcpy (kernel_mem, (char *)kernel + start, len);
|
|
|
a85e8e |
+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
|
|
|
a85e8e |
+ loaded=1;
|
|
|
a85e8e |
|
|
|
a85e8e |
- if (grub_file_read (file, kernel_mem, len) != len && !grub_errno)
|
|
|
a85e8e |
- {
|
|
|
a85e8e |
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
|
a85e8e |
- argv[0]);
|
|
|
a85e8e |
- }
|
|
|
a85e8e |
-
|
|
|
a85e8e |
- if (grub_errno == GRUB_ERR_NONE)
|
|
|
a85e8e |
- {
|
|
|
a85e8e |
- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
|
|
|
a85e8e |
- loaded = 1;
|
|
|
a85e8e |
- lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
|
|
|
a85e8e |
- }
|
|
|
a85e8e |
-
|
|
|
a85e8e |
- memcpy(params, &lh, 2 * 512);
|
|
|
a85e8e |
+ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
|
|
|
a85e8e |
+ grub_memcpy (params, &lh, 2 * 512);
|
|
|
a85e8e |
|
|
|
a85e8e |
params->type_of_loader = 0x21;
|
|
|
a85e8e |
|
|
|
a85e8e |
@@ -300,6 +275,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
|
|
a85e8e |
if (file)
|
|
|
a85e8e |
grub_file_close (file);
|
|
|
a85e8e |
|
|
|
a85e8e |
+ if (kernel)
|
|
|
a85e8e |
+ grub_free (kernel);
|
|
|
a85e8e |
+
|
|
|
a85e8e |
if (grub_errno != GRUB_ERR_NONE)
|
|
|
a85e8e |
{
|
|
|
a85e8e |
grub_dl_unref (my_mod);
|
|
|
a85e8e |
--
|
|
|
a85e8e |
2.13.0
|
|
|
a85e8e |
|