new file mode 100644
@@ -0,0 +1,82 @@
+From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 12:48:07 +0000
+Subject: [PATCH] affs: Fix memory leaks
+
+The node structure reference is being allocated but not freed if it
+reaches the end of the function. If any of the hooks had returned
+a non-zero value, then node would have been copied in to the context
+reference, but otherwise node is not stored and should be freed.
+
+Similarly, the call to grub_affs_create_node() replaces the allocated
+memory in node with a newly allocated structure, leaking the existing
+memory pointed by node.
+
+Finally, when dir->parent is set, then we again replace node with newly
+allocated memory, which seems unnecessary when we copy in the values
+from dir->parent immediately after.
+
+Fixes: CID 73759
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a]
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ grub-core/fs/affs.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index 220b371..230e26a 100644
+--- a/grub-core/fs/affs.c
++++ b/grub-core/fs/affs.c
+@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ {
+ unsigned int i;
+ struct grub_affs_file file;
+- struct grub_fshelp_node *node = 0;
++ struct grub_fshelp_node *node, *orig_node;
+ struct grub_affs_data *data = dir->data;
+ grub_uint32_t *hashtable;
+
+ /* Create the directory entries for `.' and `..'. */
+- node = grub_zalloc (sizeof (*node));
++ node = orig_node = grub_zalloc (sizeof (*node));
+ if (!node)
+ return 1;
+
+@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ return 1;
+ if (dir->parent)
+ {
+- node = grub_zalloc (sizeof (*node));
+- if (!node)
+- return 1;
+ *node = *dir->parent;
+ if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
+ return 1;
+@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+
+ if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
+ next, &file))
+- return 1;
++ {
++ /* Node has been replaced in function. */
++ grub_free (orig_node);
++ return 1;
++ }
+
+ next = grub_be_to_cpu32 (file.next);
+ }
+ }
+
+- grub_free (hashtable);
+- return 0;
+-
+ fail:
+- grub_free (node);
++ grub_free (orig_node);
+ grub_free (hashtable);
+ return 0;
+ }
@@ -71,6 +71,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \
file://0023-zfs-Fix-possible-integer-overflows.patch \
file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \
+ file://0025-affs-Fix-memory-leaks.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
This patch fixes a memory leak in grub's affs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> --- .../files/0025-affs-Fix-memory-leaks.patch | 82 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch