From e9b6e755fd0f4fcfac36c149d2c74cc2d483d65a Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Thu, 21 Jan 2021 18:35:22 +1100 Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found Clean up a bunch of cases where we could have strstr() fail and lead to us dereferencing NULL. We'll still leak memory in some cases (loops don't clean up allocations from earlier iterations if a later iteration fails) but at least we're not crashing. Reference: http://git.savannah.gnu.org/cgit/grub.git/commit/?id=db29073fc7aec71a40dabfc722a96ea9f3280907 Signed-off-by: Daniel Axtens Reviewed-by: Daniel Kiper --- grub-core/disk/lvm.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c index 944c398..85ee89c 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -540,7 +540,16 @@ grub_lvm_detect (grub_disk_t disk, } if (seg->node_count != 1) - seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + { + seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + if (p == NULL) + { +#ifdef GRUB_UTIL + grub_util_info ("unknown stripe_size"); +#endif + goto lvs_segment_fail; + } + } seg->nodes = grub_calloc (seg->node_count, sizeof (*stripe)); @@ -560,7 +569,7 @@ grub_lvm_detect (grub_disk_t disk, { p = grub_strchr (p, '"'); if (p == NULL) - continue; + goto lvs_segment_fail2; q = ++p; while (*q != '"') q++; @@ -579,7 +588,10 @@ grub_lvm_detect (grub_disk_t disk, stripe->start = grub_lvm_getvalue (&p, ",") * vg->extent_size; if (p == NULL) - continue; + { + grub_free (stripe->name); + goto lvs_segment_fail2; + } stripe++; } @@ -616,7 +628,7 @@ grub_lvm_detect (grub_disk_t disk, p = grub_strchr (p, '"'); if (p == NULL) - continue; + goto lvs_segment_fail2; q = ++p; while (*q != '"') q++; @@ -704,7 +716,7 @@ grub_lvm_detect (grub_disk_t disk, p = p ? grub_strchr (p + 1, '"') : 0; p = p ? grub_strchr (p + 1, '"') : 0; if (p == NULL) - continue; + goto lvs_segment_fail2; q = ++p; while (*q != '"') q++; -- 2.19.1