1*4882a593SmuzhiyunFrom db29073fc7aec71a40dabfc722a96ea9f3280907 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Daniel Axtens <dja@axtens.net> 3*4882a593SmuzhiyunDate: Thu, 21 Jan 2021 18:35:22 +1100 4*4882a593SmuzhiyunSubject: [PATCH] disk/lvm: Do not crash if an expected string is not found 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunClean up a bunch of cases where we could have strstr() fail and lead to 7*4882a593Smuzhiyunus dereferencing NULL. 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunWe'll still leak memory in some cases (loops don't clean up allocations 10*4882a593Smuzhiyunfrom earlier iterations if a later iteration fails) but at least we're 11*4882a593Smuzhiyunnot crashing. 12*4882a593Smuzhiyun 13*4882a593SmuzhiyunSigned-off-by: Daniel Axtens <dja@axtens.net> 14*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com> 15*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> 16*4882a593Smuzhiyun--- 17*4882a593Smuzhiyun grub-core/disk/lvm.c | 22 +++++++++++++++++----- 18*4882a593Smuzhiyun 1 file changed, 17 insertions(+), 5 deletions(-) 19*4882a593Smuzhiyun 20*4882a593Smuzhiyundiff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c 21*4882a593Smuzhiyunindex 8e560f3..bd5ae87 100644 22*4882a593Smuzhiyun--- a/grub-core/disk/lvm.c 23*4882a593Smuzhiyun+++ b/grub-core/disk/lvm.c 24*4882a593Smuzhiyun@@ -539,7 +539,16 @@ grub_lvm_detect (grub_disk_t disk, 25*4882a593Smuzhiyun } 26*4882a593Smuzhiyun 27*4882a593Smuzhiyun if (seg->node_count != 1) 28*4882a593Smuzhiyun- seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); 29*4882a593Smuzhiyun+ { 30*4882a593Smuzhiyun+ seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); 31*4882a593Smuzhiyun+ if (p == NULL) 32*4882a593Smuzhiyun+ { 33*4882a593Smuzhiyun+#ifdef GRUB_UTIL 34*4882a593Smuzhiyun+ grub_util_info ("unknown stripe_size"); 35*4882a593Smuzhiyun+#endif 36*4882a593Smuzhiyun+ goto lvs_segment_fail; 37*4882a593Smuzhiyun+ } 38*4882a593Smuzhiyun+ } 39*4882a593Smuzhiyun 40*4882a593Smuzhiyun seg->nodes = grub_calloc (seg->node_count, 41*4882a593Smuzhiyun sizeof (*stripe)); 42*4882a593Smuzhiyun@@ -559,7 +568,7 @@ grub_lvm_detect (grub_disk_t disk, 43*4882a593Smuzhiyun { 44*4882a593Smuzhiyun p = grub_strchr (p, '"'); 45*4882a593Smuzhiyun if (p == NULL) 46*4882a593Smuzhiyun- continue; 47*4882a593Smuzhiyun+ goto lvs_segment_fail2; 48*4882a593Smuzhiyun q = ++p; 49*4882a593Smuzhiyun while (*q != '"') 50*4882a593Smuzhiyun q++; 51*4882a593Smuzhiyun@@ -578,7 +587,10 @@ grub_lvm_detect (grub_disk_t disk, 52*4882a593Smuzhiyun stripe->start = grub_lvm_getvalue (&p, ",") 53*4882a593Smuzhiyun * vg->extent_size; 54*4882a593Smuzhiyun if (p == NULL) 55*4882a593Smuzhiyun- continue; 56*4882a593Smuzhiyun+ { 57*4882a593Smuzhiyun+ grub_free (stripe->name); 58*4882a593Smuzhiyun+ goto lvs_segment_fail2; 59*4882a593Smuzhiyun+ } 60*4882a593Smuzhiyun 61*4882a593Smuzhiyun stripe++; 62*4882a593Smuzhiyun } 63*4882a593Smuzhiyun@@ -615,7 +627,7 @@ grub_lvm_detect (grub_disk_t disk, 64*4882a593Smuzhiyun 65*4882a593Smuzhiyun p = grub_strchr (p, '"'); 66*4882a593Smuzhiyun if (p == NULL) 67*4882a593Smuzhiyun- continue; 68*4882a593Smuzhiyun+ goto lvs_segment_fail2; 69*4882a593Smuzhiyun q = ++p; 70*4882a593Smuzhiyun while (*q != '"') 71*4882a593Smuzhiyun q++; 72*4882a593Smuzhiyun@@ -703,7 +715,7 @@ grub_lvm_detect (grub_disk_t disk, 73*4882a593Smuzhiyun p = p ? grub_strchr (p + 1, '"') : 0; 74*4882a593Smuzhiyun p = p ? grub_strchr (p + 1, '"') : 0; 75*4882a593Smuzhiyun if (p == NULL) 76*4882a593Smuzhiyun- continue; 77*4882a593Smuzhiyun+ goto lvs_segment_fail2; 78*4882a593Smuzhiyun q = ++p; 79*4882a593Smuzhiyun while (*q != '"') 80*4882a593Smuzhiyun q++; 81*4882a593Smuzhiyun-- 82*4882a593Smuzhiyun2.14.2 83*4882a593Smuzhiyun 84