1From db29073fc7aec71a40dabfc722a96ea9f3280907 Mon Sep 17 00:00:00 2001
2From: Daniel Axtens <dja@axtens.net>
3Date: Thu, 21 Jan 2021 18:35:22 +1100
4Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found
5
6Clean up a bunch of cases where we could have strstr() fail and lead to
7us dereferencing NULL.
8
9We'll still leak memory in some cases (loops don't clean up allocations
10from earlier iterations if a later iteration fails) but at least we're
11not crashing.
12
13Signed-off-by: Daniel Axtens <dja@axtens.net>
14Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
15Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
16---
17 grub-core/disk/lvm.c | 22 +++++++++++++++++-----
18 1 file changed, 17 insertions(+), 5 deletions(-)
19
20diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
21index 8e560f3..bd5ae87 100644
22--- a/grub-core/disk/lvm.c
23+++ b/grub-core/disk/lvm.c
24@@ -539,7 +539,16 @@ grub_lvm_detect (grub_disk_t disk,
25 			}
26
27 		      if (seg->node_count != 1)
28-			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
29+			{
30+			  seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
31+			  if (p == NULL)
32+			    {
33+#ifdef GRUB_UTIL
34+			      grub_util_info ("unknown stripe_size");
35+#endif
36+			      goto lvs_segment_fail;
37+			    }
38+			}
39
40 		      seg->nodes = grub_calloc (seg->node_count,
41 						sizeof (*stripe));
42@@ -559,7 +568,7 @@ grub_lvm_detect (grub_disk_t disk,
43 			{
44 			  p = grub_strchr (p, '"');
45 			  if (p == NULL)
46-			    continue;
47+			    goto lvs_segment_fail2;
48 			  q = ++p;
49 			  while (*q != '"')
50 			    q++;
51@@ -578,7 +587,10 @@ grub_lvm_detect (grub_disk_t disk,
52 			  stripe->start = grub_lvm_getvalue (&p, ",")
53 			    * vg->extent_size;
54 			  if (p == NULL)
55-			    continue;
56+			    {
57+			      grub_free (stripe->name);
58+			      goto lvs_segment_fail2;
59+			    }
60
61 			  stripe++;
62 			}
63@@ -615,7 +627,7 @@ grub_lvm_detect (grub_disk_t disk,
64
65 			  p = grub_strchr (p, '"');
66 			  if (p == NULL)
67-			    continue;
68+			    goto lvs_segment_fail2;
69 			  q = ++p;
70 			  while (*q != '"')
71 			    q++;
72@@ -703,7 +715,7 @@ grub_lvm_detect (grub_disk_t disk,
73 			  p = p ? grub_strchr (p + 1, '"') : 0;
74 			  p = p ? grub_strchr (p + 1, '"') : 0;
75 			  if (p == NULL)
76-			    continue;
77+			    goto lvs_segment_fail2;
78 			  q = ++p;
79 			  while (*q != '"')
80 			    q++;
81--
822.14.2
83
84