[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 088/117] disk/lvm: Bail on missing PV list
|
From: |
Daniel Kiper |
|
Subject: |
[SECURITY PATCH 088/117] disk/lvm: Bail on missing PV list |
|
Date: |
Tue, 2 Mar 2021 19:01:35 +0100 |
From: Daniel Axtens <dja@axtens.net>
There's an if block for the presence of "physical_volumes {", but if
that block is absent, then p remains NULL and a NULL-deref will result
when looking for logical volumes.
It doesn't seem like LVM makes sense without physical volumes, so error
out rather than crashing.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/disk/lvm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
index b70d7d79f..31bbc9acc 100644
--- a/grub-core/disk/lvm.c
+++ b/grub-core/disk/lvm.c
@@ -409,6 +409,8 @@ grub_lvm_detect (grub_disk_t disk,
goto fail4;
}
}
+ else
+ goto fail4;
p = grub_strstr (p, "logical_volumes {");
if (p)
--
2.11.0
- [SECURITY PATCH 077/117] fs/jfs: Limit the extents that getblk() can consider, (continued)
- [SECURITY PATCH 077/117] fs/jfs: Limit the extents that getblk() can consider, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 084/117] io/gzio: Catch missing values in huft_build() and bail, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 086/117] disk/lvm: Don't go beyond the end of the data we read from disk, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 087/117] disk/lvm: Don't blast past the end of the circular metadata buffer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 089/117] disk/lvm: Do not crash if an expected string is not found, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 085/117] io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 091/117] disk/lvm: Sanitize rlocn->offset to prevent wild read, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 096/117] kern/parser: Introduce process_char() helper, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 097/117] kern/parser: Introduce terminate_arg() helper, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 080/117] fs/nilfs2: Don't search children if provided number is too large, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 088/117] disk/lvm: Bail on missing PV list,
Daniel Kiper <=
- [SECURITY PATCH 099/117] kern/buffer: Add variable sized heap buffer, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 076/117] fs/jfs: Do not move to leaf level if name length is negative, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 075/117] fs/sfs: Fix over-read of root object name, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 074/117] fs/hfs: Disable under lockdown, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 094/117] fs/btrfs: Squash some uninitialized reads, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 081/117] fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 093/117] fs/btrfs: Validate the number of stripes/parities in RAID5/6, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 090/117] disk/lvm: Do not overread metadata, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 095/117] kern/parser: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 092/117] disk/lvm: Do not allow a LV to be it's own segment's node's LV, Daniel Kiper, 2021/03/02