1From 4b4027b6b1c877d7ab467896b04c7bd1aadcfa15 Mon Sep 17 00:00:00 2001 2From: Marco A Benatto <mbenatto@redhat.com> 3Date: Mon, 30 Nov 2020 12:18:24 -0300 4Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in 5 grub_xnu_writetree_toheap() 6 7... to avoid memory leaks. 8 9Fixes: CID 96640 10 11Signed-off-by: Marco A Benatto <mbenatto@redhat.com> 12Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 13Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 14--- 15 grub-core/loader/xnu.c | 24 ++++++++++++++++++++---- 16 1 file changed, 20 insertions(+), 4 deletions(-) 17 18diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c 19index eb14462..1a590db 100644 20--- a/grub-core/loader/xnu.c 21+++ b/grub-core/loader/xnu.c 22@@ -227,26 +227,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) 23 if (! memorymap) 24 return grub_errno; 25 26- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey)); 27+ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey)); 28 if (! driverkey) 29 return grub_errno; 30 driverkey->name = grub_strdup ("DeviceTree"); 31 if (! driverkey->name) 32- return grub_errno; 33+ { 34+ err = grub_errno; 35+ goto fail; 36+ } 37+ 38 driverkey->datasize = sizeof (*extdesc); 39 driverkey->next = memorymap->first_child; 40 memorymap->first_child = driverkey; 41 driverkey->data = extdesc 42 = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc)); 43 if (! driverkey->data) 44- return grub_errno; 45+ { 46+ err = grub_errno; 47+ goto fail; 48+ } 49 50 /* Allocate the space based on the size with dummy value. */ 51 *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/"); 52 err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE), 53 &src, target); 54 if (err) 55- return err; 56+ goto fail; 57 58 /* Put real data in the dummy. */ 59 extdesc->addr = *target; 60@@ -255,6 +262,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) 61 /* Write the tree to heap. */ 62 grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/"); 63 return GRUB_ERR_NONE; 64+ 65+ fail: 66+ memorymap->first_child = NULL; 67+ 68+ grub_free (driverkey->data); 69+ grub_free (driverkey->name); 70+ grub_free (driverkey); 71+ 72+ return err; 73 } 74 75 /* Find a key or value in parent key. */ 76-- 772.14.2 78 79