From patchwork Fri Feb 18 10:05:09 2022
X-Patchwork-Submitter: Marta Rybczynska
X-Patchwork-Id: 3754
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 01/46][dunfell] grub: fix a memory leak
Date: Fri, 18 Feb 2022 11:05:09 +0100
Message-Id: <20220218100554.1315511-2-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161889

Backport a fix for a memory leak in grub_mmap_iterate(). This patch is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska --- ...leak-when-iterating-over-mapped-memo.patch | 39 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 3 +- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch diff --git a/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch b/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch new file mode 100644 index 0000000000..eaaa7effae --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch @@ -0,0 +1,39 @@ +From 0900f11def2e7fbb4880efff0cd9c9b32f1cdb86 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 3 Dec 2020 14:39:45 +0000 +Subject: [PATCH] mmap: Fix memory leak when iterating over mapped memory + +When returning from grub_mmap_iterate() the memory allocated to present +is not being released causing it to leak. + +Fixes: CID 96655 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8cb2848f9699642a698af84b12ba187cab722031] +Signed-off-by: Marta Rybczynska +--- + grub-core/mmap/mmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 7ebf32e..8bf235f 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + hook_data)) + { + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + +@@ -282,6 +283,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + } + + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 9b20e1c09b..a06beac5ef 100644 --- a/meta/recipes-bsp/grub/grub2.inc 
+++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -47,7 +47,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_7.patch \ file://CVE-2020-25632.patch \ file://CVE-2020-25647.patch \ -" + file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ + " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
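Review bot: In grub_mmap_iterate() (grub-core/mmap/mmap.c, hunks at @@ -270 and @@ -282), the fix repeats the pair grub_free (ctx.scanline_events); grub_free (present); at each exit, so any return added later can reintroduce the leak. The two hunks show only the hook-abort path and the final return; it is worth confirming against the full function that no other return sits between the allocation of present and these two sites. A single cleanup label that frees both buffers would make that easier to audit, though keeping the upstream form is reasonable for a backport.
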
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 02/46][dunfell] grub: add a fix for a possible NULL dereference
Date: Fri, 18 Feb 2022 11:05:10 +0100
Message-Id: <20220218100554.1315511-3-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161890

This fix removes a possible NULL pointer dereference in grub networking code. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska --- ...ible-dereference-to-of-a-NULL-pointe.patch | 39 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch diff --git a/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch b/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch new file mode 100644 index 0000000000..d00821f5c3 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
@@ -0,0 +1,39 @@ +From f216a75e884ed5e4e94bf86965000dde51148f94 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 27 Nov 2020 15:10:26 +0000 +Subject: [PATCH] net/net: Fix possible dereference to of a NULL pointer + +It is always possible that grub_zalloc() could fail, so we should check for +a NULL return. Otherwise we run the risk of dereferencing a NULL pointer. + +Fixes: CID 296221 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03f2515ae0c503406f1a99a2178405049c6555db] +Signed-off-by: Marta Rybczynska +--- + grub-core/net/net.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 38f19df..7c2cdf2 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -86,8 +86,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card, + + /* Add sender to cache table. */ + if (card->link_layer_table == NULL) +- card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE +- * sizeof (card->link_layer_table[0])); ++ { ++ card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE ++ * sizeof (card->link_layer_table[0])); ++ if (card->link_layer_table == NULL) ++ return; ++ } ++ + entry = &(card->link_layer_table[card->new_ll_entry]); + entry->avail = 1; + grub_memcpy (&entry->ll_address, ll, sizeof (entry->ll_address)); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a06beac5ef..2c0bff8fd0 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -48,6 +48,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-25632.patch \ file://CVE-2020-25647.patch \ file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ + file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
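Review bot: In grub_net_link_layer_add_address() (grub-core/net/net.c, @@ -86), the new early return on a failed grub_zalloc() is silent: the bare return; shows the function is void, so the caller cannot tell that the sender was never added to the cache, and the allocation is retried on every later call while card->link_layer_table stays NULL. That is an acceptable degradation for a cache, but a comment at the check (or a line in the commit message) should say the failure is deliberately non-fatal, and it is worth checking whether the error state left by the failed allocation needs to be cleared or reported by the callers.
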
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 03/46][dunfell] grub: fix a dangling memory pointer
Date: Fri, 18 Feb 2022 11:05:11 +0100
Message-Id: <20220218100554.1315511-4-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161891

This change fixes a dangling memory pointer in the grub TFTP code. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska --- ...net-tftp-Fix-dangling-memory-pointer.patch | 33 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch diff --git a/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch b/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch new file mode 100644 index 0000000000..3b4633507d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch
@@ -0,0 +1,33 @@ +From 09cc0df477758b60f51fbc0da1dee2f5d54c333d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 19 Feb 2021 17:12:23 +0000 +Subject: [PATCH] net/tftp: Fix dangling memory pointer + +The static code analysis tool, Parfait, reported that the valid of +file->data was left referencing memory that was freed by the call to +grub_free(data) where data was initialized from file->data. + +To ensure that there is no unintentional access to this memory +referenced by file->data we should set the pointer to NULL. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0cb838b281a68b536a09681f9557ea6a7ac5da7a] +Signed-off-by: Marta Rybczynska +--- + grub-core/net/tftp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 7d90bf6..f76b19f 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -468,6 +468,7 @@ tftp_close (struct grub_file *file) + } + destroy_pq (data); + grub_free (data); ++ file->data = NULL; + return GRUB_ERR_NONE; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2c0bff8fd0..678aa5c4e2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -49,6 +49,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-25647.patch \ file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ + file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
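Review bot: In tftp_close() (grub-core/net/tftp.c, @@ -468), setting file->data = NULL after grub_free (data) only turns a later stale access into a NULL dereference unless the other users of file->data test it first, and the hunk shows no such test. Please confirm which TFTP callbacks can still run on this grub_file after close and whether they check file->data before use; if none can, a one-line comment saying the store is purely defensive would document the intent.
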
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 04/46][dunfell] grub: fix wrong handling of argc == 0
Date: Fri, 18 Feb 2022 11:05:12 +0100
Message-Id: <20220218100554.1315511-5-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161892

This change fixes wrong handling of argc == 0 causing a memory leak. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska --- ...n-parser-Fix-resource-leak-if-argc-0.patch | 50 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch diff --git a/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch b/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch new file mode 100644 index 0000000000..933416605c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch
@@ -0,0 +1,50 @@ +From 8861fa6226f7229105722ba669465e879b56ee2b Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 22 Jan 2021 12:32:41 +0000 +Subject: [PATCH] kern/parser: Fix resource leak if argc == 0 + +After processing the command-line yet arriving at the point where we are +setting argv, we are allocating memory, even if argc == 0, which makes +no sense since we never put anything into the allocated argv. + +The solution is to simply return that we've successfully processed the +arguments but that argc == 0, and also ensure that argv is NULL when +we're not allocating anything in it. + +There are only 2 callers of this function, and both are handling a zero +value in argc assuming nothing is allocated in argv. + +Fixes: CID 96680 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d06161b035dde4769199ad65aa0a587a5920012b] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/parser.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 619db31..d1cf061 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline, + int i; + + *argc = 0; ++ *argv = NULL; + do + { + if (!rd || !*rd) +@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline, + (*argc)++; + } + ++ /* If there are no args, then we're done. */ ++ if (!*argc) ++ return 0; ++ + /* Reserve memory for the return values. */ + args = grub_malloc (bp - buffer); + if (!args) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 678aa5c4e2..2e4e6d7ac2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -50,6 +50,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ + file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
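Review bot: In grub_parser_split_cmdline() (grub-core/kern/parser.c), the new early exit at @@ -207, if (!*argc) return 0;, makes "*argc == 0 with *argv == NULL" a successful result, but that contract is stated only in the commit message. A line in the function's header comment saying that *argv is NULL and nothing needs freeing when *argc is 0 would protect future callers, since the commit message says only the two current callers were checked. The *argv = NULL initialisation at @@ -146 also changes what callers see on the error returns, which deserves a mention in the same comment.
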
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 05/46][dunfell] grub: add a fix for malformed device path handling
Date: Fri, 18 Feb 2022 11:05:13 +0100
Message-Id: <20220218100554.1315511-6-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161893

This change fixes the malformed device paths in EFI handling. Device paths of length 4 or shorter could cause different kinds of unexpected behaviours.

This patch is NOT a part of [1], but is a dependency of one of the patches included in the series.

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska --- ...formed-device-path-arithmetic-errors.patch | 235 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 236 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch diff --git a/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch b/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch new file mode 100644 index 0000000000..04748befc8 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
@@ -0,0 +1,235 @@ +From 16a4d739b19f8680cf93a3c8fa0ae9fc1b1c310b Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: [PATCH] efi: Fix some malformed device path arithmetic errors + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d2cf823d0e31818d1b7a223daff6d5e006596543] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/efi.c | 64 +++++++++++++++++++++++++----- + grub-core/loader/efi/chainloader.c | 13 +++++- + grub-core/loader/i386/xnu.c | 9 +++-- + include/grub/efi/api.h | 14 ++++--- + 4 files changed, 79 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index ad170c7..6a38080 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -360,7 +360,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -370,9 +370,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = 
((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -388,7 +394,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -404,8 +410,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -480,7 +493,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. 
++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -525,7 +557,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -937,7 +969,10 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -973,5 +1008,14 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. 
++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index daf8c6b..a8d7b91 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -156,9 +156,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index b7d176b..c50cb54 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -516,14 +516,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index addcbfa..cf1355a 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -625,6 +625,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define 
GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -633,13 +634,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2e4e6d7ac2..f7f2aa892f 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -51,6 +51,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ + file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
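Review bot: In grub_efi_get_filename(), the new `return NULL` in the second loop (hunk @@ -404,8 +410,15 @@ of the 0005 patch) runs after `name` has been allocated; the `if (!name) return NULL;` check sits in the context just above that loop. The malformed-length path therefore leaks the buffer. Add `grub_free (name);` before the return. 06/46 in this series does exactly that, so the two patches should always be applied together.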
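Review bot: In grub_efi_duplicate_device_path() and in make_file_path() (chainloader.c), `len` is declared `grub_size_t` but is printed with `%d` in "malformed EFI Device Path node has length=%d". The format does not match the argument type on targets where grub_size_t is wider than int. Use `"%" PRIuGRUB_SIZE`, or declare `len` as `grub_efi_uint16_t` the way grub_efi_get_filename() does in the same patch.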
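Review bot: In grub_efi_compare_device_paths(), the block added after the loop only separates the valid-versus-invalid cases. When both dp1 and dp2 stop on a malformed node, the function falls through to `return 0`, so two different malformed paths compare as equal. If callers treat 0 as "same device", returning non-zero for the both-invalid case is the safer default; otherwise the new comment should say that this outcome is intended.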
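Review bot: In grub_cmd_devprop_load() (xnu.c), the new loop condition `GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend` reads `dp->length` before the bounds test, and `buf < bufend` only proves that the first byte of the 4-byte node header is inside the buffer. Test the bound first and require the whole header, then the whole node, to end at or before `bufend`. When the loop stops on an invalid node no error is raised and `grub_xnu_devprop_add_device (dpstart, ...)` is still called with whatever was walked so far; returning an error here would match the other call sites touched by this patch.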
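Review bot: In include/grub/efi/api.h the changed macros carry no comment describing their new contract. GRUB_EFI_END_ENTIRE_DEVICE_PATH() now evaluates as true for a malformed node, so loops of the form `if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) break;` end silently on junk, and GRUB_EFI_NEXT_DEVICE_PATH() can now return NULL. Both macros also expand `dp` several times, so an argument with side effects would misbehave. A short comment above the macros stating this, and that callers must use GRUB_EFI_DEVICE_PATH_VALID() to tell "end" from "malformed", would keep future call sites correct.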
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 06/46][dunfell] grub: fix memory leak at error in grub_efi_get_filename()
Date: Fri, 18 Feb 2022 11:05:14 +0100
Message-Id: <20220218100554.1315511-7-rybczynska@gmail.com>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161894

This change fixes a memory leak on error in grub_efi_get_filename().
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
--- ...-kern-efi-Fix-memory-leak-on-failure.patch | 30 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch diff --git a/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch b/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch new file mode 100644 index 0000000000..9d7327cee6 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch
@@ -0,0 +1,30 @@ +From d4fd0243920b71cc6e03cc0cadf23b4fe03c352f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:15:25 +0000 +Subject: [PATCH] kern/efi: Fix memory leak on failure + +Free the memory allocated to name before returning on failure. + +Fixes: CID 296222 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ed286ceba6015d37a9304f04602451c47bf195d7] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/efi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 6a38080..baeeef0 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -415,6 +415,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); ++ grub_free (name); + return NULL; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index f7f2aa892f..04ed8b7b23 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -52,6 +52,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ + file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 07/46][dunfell] grub: add a fix for a possible NULL pointer dereference
Date: Fri, 18 Feb 2022 11:05:15 +0100
Message-Id: <20220218100554.1315511-8-rybczynska@gmail.com>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161895

This change fixes a possible NULL pointer dereference in grub's EFI support.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
--- ...ix-possible-NULL-pointer-dereference.patch | 65 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch diff --git a/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch b/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch new file mode 100644 index 0000000000..d55709406b --- /dev/null +++ b/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
@@ -0,0 +1,65 @@ +From be03a18b8767be50f16a845c389fd5ed29aae055 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 11 Dec 2020 15:03:13 +0000 +Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference + +The model of grub_efi_get_memory_map() is that if memory_map is NULL, +then the purpose is to discover how much memory should be allocated to +it for the subsequent call. + +The problem here is that with grub_efi_is_finished set to 1, there is no +check at all that the function is being called with a non-NULL memory_map. + +While this MAY be true, we shouldn't assume it. + +The solution to this is to behave as expected, and if memory_map is NULL, +then don't try to use it and allow memory_map_size to be filled in, and +return 0 as is done later in the code if the buffer is too small (or NULL). + +Additionally, drop unneeded ret = 1. + +Fixes: CID 96632 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6aee4bfd6973c714056fb7b56890b8d524e94ee1] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/mm.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index b02fab1..5afcef7 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -328,15 +328,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size, + if (grub_efi_is_finished) + { + int ret = 1; +- if (*memory_map_size < finish_mmap_size) ++ ++ if (memory_map != NULL) + { +- grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); +- ret = 0; ++ if (*memory_map_size < finish_mmap_size) ++ { ++ grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); ++ ret = 0; ++ } ++ else ++ grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); + } + else + { +- grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); +- ret = 1; ++ /* ++ * Incomplete, no buffer to copy into, same as ++ 
* GRUB_EFI_BUFFER_TOO_SMALL below. ++ */ ++ ret = 0; + } + *memory_map_size = finish_mmap_size; + if (map_key) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 04ed8b7b23..46d65d8609 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -53,6 +53,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ + file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
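Review bot: In the grub_efi_is_finished branch of grub_efi_get_memory_map() (0007 patch, mm.c), the new `memory_map != NULL` test guards the copy, but `memory_map_size` is still dereferenced unconditionally in `*memory_map_size < finish_mmap_size` and `*memory_map_size = finish_mmap_size;`, while `map_key` just below is guarded by `if (map_key)`. Either document that memory_map_size must never be NULL or guard it the same way. The too-small case also still copies `*memory_map_size` bytes of a truncated map before returning 0, so a comment that the buffer contents are not usable when 0 comes back would help callers.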
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 08/46][dunfell] grub: add a fix for unused variable in gnulib
Date: Fri, 18 Feb 2022 11:05:16 +0100
Message-Id: <20220218100554.1315511-9-rybczynska@gmail.com>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161896

This change adds a fix for an unused variable issue in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
--- ...ulib-regexec-Resolve-unused-variable.patch | 59 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch diff --git a/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch b/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch new file mode 100644 index 0000000000..74ffb559e9 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch
@@ -0,0 +1,59 @@ +From 9d36bce5d516b6379ba3a0dd1a94a9c035838827 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:41:27 +0000 +Subject: [PATCH] gnulib/regexec: Resolve unused variable + +This is a really minor issue where a variable is being assigned to but +not checked before it is overwritten again. + +The reason for this issue is that we are not building with DEBUG set and +this in turn means that the assert() that reads the value of the +variable match_last is being processed out. + +The solution, move the assignment to match_last in to an ifdef DEBUG too. + +Fixes: CID 292459 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a983d36bd9178d377d2072fd4b11c635fdc404b4] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-unused-value.patch | 14 ++++++++++++++ + 2 files changed, 15 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 46c4e95..9b01152 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch + +diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch +new file mode 100644 +index 0000000..ba51f1b +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-unused-value.patch +@@ -0,0 +1,14 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000 +++++ b/lib/regexec.c 2020-10-21 14:32:07.961765604 +0000 ++@@ -828,7 +828,11 @@ ++ break; ++ if (__glibc_unlikely 
(err != REG_NOMATCH)) ++ goto free_return; +++#ifdef DEBUG +++ /* Only used for assertion below when DEBUG is set, otherwise +++ it will be over-written when we loop around. */ ++ match_last = -1; +++#endif ++ } ++ else ++ break; /* We found a match. */ diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 46d65d8609..d2a1502d56 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -54,6 +54,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ + file://0008-gnulib-regexec-Resolve-unused-variable.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
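Review bot: Nothing in the 0008 patch applies fix-unused-value.patch to the regexec.c that is actually compiled. Its two hunks only create grub-core/lib/gnulib-patches/fix-unused-value.patch and list it in EXTRA_DIST in conf/Makefile.extra-dist. Please confirm that the dunfell grub build runs a step that applies the files under grub-core/lib/gnulib-patches/; if it does not, this backport ships the patch file but leaves the built code unchanged, and the `#ifdef DEBUG` guard around `match_last = -1;` would need to be carried as a direct change to the gnulib copy in the source tree.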
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 09/46][dunfell] grub: fix an uninitialized token in gnulib
Date: Fri, 18 Feb 2022 11:05:17 +0100
Message-Id: <20220218100554.1315511-10-rybczynska@gmail.com>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161897

This change adds a fix for an uninitialized token structure in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
--- ...mp-Fix-uninitialized-token-structure.patch | 53 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch diff --git a/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch new file mode 100644 index 0000000000..b6e3c7edbe --- /dev/null +++ b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch
@@ -0,0 +1,53 @@ +From 2af8df02cca7fd4b584575eac304cd03fa23f5cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 22 Oct 2020 13:54:06 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure + +The code is assuming that the value of br_token.constraint was +initialized to zero when it wasn't. + +While some compilers will ensure that, not all do, so it is better to +fix this explicitly than leave it to chance. + +Fixes: CID 73749 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=75c3d3cec4f408848f575d6d5e30a95bd6313db0] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-uninit-structure.patch | 11 +++++++++++ + 2 files changed, 12 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9b01152..9e55458 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch +diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +new file mode 100644 +index 0000000..7b4d9f6 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +@@ -0,0 +1,11 @@ ++--- a/lib/regcomp.c 2020-10-22 13:49:06.770168928 +0000 +++++ b/lib/regcomp.c 2020-10-22 13:50:37.026528298 +0000 ++@@ -3662,7 +3662,7 @@ ++ Idx alloc = 0; ++ #endif /* not RE_ENABLE_I18N */ ++ reg_errcode_t ret; ++- re_token_t br_token; 
+++ re_token_t br_token = {0}; ++ bin_tree_t *tree; ++ ++ sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index d2a1502d56..df2c8b8a16 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -55,6 +55,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ + file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
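Review bot: Nothing in this patch applies the regcomp.c fix to the code that gets compiled. The nested hunk for lib/regcomp.c ("re_token_t br_token = {0};") exists only as the new file grub-core/lib/gnulib-patches/fix-uninit-structure.patch plus one EXTRA_DIST entry in conf/Makefile.extra-dist, while the recipe's SRC_URI fetches the grub-${PV}.tar.gz release tarball. Please confirm that the dunfell build has a step that applies the files under gnulib-patches to the gnulib sources; if it does not, the initialization never reaches the built regcomp.c and the backport would need to carry the regcomp.c change as a direct patch against the unpacked source instead.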
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 10/46][dunfell] grub: add a fix a NULL pointer dereference in gnulib
Date: Fri, 18 Feb 2022 11:05:18 +0100
Message-Id: <20220218100554.1315511-11-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161898

This change adds a fix for a NULL pointer dereference of state in gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
---
 ...-Fix-dereference-of-a-possibly-NULL-.patch | 52 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc | 1 +
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch

diff --git a/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch b/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch new file mode 100644 index 0000000000..102a494561 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
@@ -0,0 +1,52 @@ +From eaf9da8b5f8349c51cfc89dd8e39a1a61f89790a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 28 Oct 2020 14:43:01 +0000 +Subject: [PATCH] gnulib/argp-help: Fix dereference of a possibly NULL state + +All other instances of call to __argp_failure() where there is +a dgettext() call is first checking whether state is NULL before +attempting to dereference it to get the root_argp->argp_domain. + +Fixes: CID 292436 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3a37bf120a9194c373257c70175cdb5b337bc107] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-null-state-deref.patch | 12 ++++++++++++ + 2 files changed, 13 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9e55458..96d7e69 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch +diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +new file mode 100644 +index 0000000..813ec09 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/argp-help.c 2020-10-28 14:32:19.189215988 +0000 +++++ b/lib/argp-help.c 2020-10-28 14:38:21.204673940 +0000 ++@@ -145,7 +145,8 @@ ++ if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin) ++ { ++ __argp_failure (state, 
0, 0, ++- dgettext (state->root_argp->argp_domain, +++ dgettext (state == NULL ? NULL +++ : state->root_argp->argp_domain, ++ "\ ++ ARGP_HELP_FMT: %s value is less than or equal to %s"), ++ "rmargin", up->name); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index df2c8b8a16..94873475c1 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -56,6 +56,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ + file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
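Review bot: In the argp-help.c hunk of fix-null-state-deref.patch the new ternary guards only state itself: "state == NULL ? NULL : state->root_argp->argp_domain" still dereferences state->root_argp without a check. The commit message argues from the other __argp_failure() call sites, so please confirm that root_argp is always set whenever state is non-NULL, or extend the condition to cover it. The same call also passes state straight to __argp_failure(), which therefore has to accept NULL as well.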
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 11/46][dunfell] grub: add a fix for NULL pointer dereference
Date: Fri, 18 Feb 2022 11:05:19 +0100
Message-Id: <20220218100554.1315511-12-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161899

Add a fix for gnulib's regexec NULL pointer dereference. This patch is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
---
 ...egexec-Fix-possible-null-dereference.patch | 53 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc | 1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch

diff --git a/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch new file mode 100644 index 0000000000..4f43fcf7d5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
@@ -0,0 +1,53 @@ +From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:57:14 +0000 +Subject: [PATCH] gnulib/regexec: Fix possible null-dereference + +It appears to be possible that the mctx->state_log field may be NULL, +and the name of this function, clean_state_log_if_needed(), suggests +that it should be checking that it is valid to be cleaned before +assuming that it does. + +Fixes: CID 86720 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++ + 2 files changed, 13 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 96d7e69..d27d3a9 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch +diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +new file mode 100644 +index 0000000..db6dac9 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 +0000 +++++ b/lib/regexec.c 2020-11-05 10:55:09.621542984 +0000 ++@@ -1692,6 +1692,9 @@ ++ { ++ Idx top = 
mctx->state_log_top; ++ +++ if (mctx->state_log == NULL) +++ return REG_NOERROR; +++ ++ if ((next_state_log_idx >= mctx->input.bufs_len ++ && mctx->input.bufs_len < mctx->input.len) ++ || (next_state_log_idx >= mctx->input.valid_len diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 94873475c1..e7168e75ea 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -57,6 +57,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ + file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
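Review bot: In the regexec.c hunk of fix-regexec-null-deref.patch the early "return REG_NOERROR" for mctx->state_log == NULL sits in front of the check on mctx->input.bufs_len and mctx->input.valid_len, so a NULL state_log now also skips whatever that branch does for the input buffers and reports success to the caller. If only the state_log cleanup is meant to be skipped, the guard belongs around that part alone; otherwise a short comment saying why a NULL log is a valid no-op here would help. The nested hunk header "@@ -1692,6 +1692,9 @@" carries no function name, so correct placement depends entirely on the line offset matching the gnulib version in use.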
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 12/46][dunfell] grub: fix an unitialized re_token in gnulib
Date: Fri, 18 Feb 2022 11:05:20 +0100
Message-Id: <20220218100554.1315511-13-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161900

This patch adds a fix for an uninitialized re_token in grub's gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
---
 ...b-regcomp-Fix-uninitialized-re_token.patch | 55 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc | 1 +
 2 files changed, 56 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch

diff --git a/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch b/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch new file mode 100644 index 0000000000..0507e0cd66 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch
@@ -0,0 +1,55 @@ +From 512b6bb380a77233b88c84b7a712896c70281d2f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 18:04:22 +0000 +Subject: [PATCH] gnulib/regcomp: Fix uninitialized re_token + +This issue has been fixed in the latest version of gnulib, so to +maintain consistency, I've backported that change rather than doing +something different. + +Fixes: CID 73828 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03477085f9a33789ba6cca7cd49ab9326a1baa0e] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../gnulib-patches/fix-regcomp-uninit-token.patch | 15 +++++++++++++++ + 2 files changed, 16 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index d27d3a9..ffe6829 100644 +--- a/conf/Makefile.extra-dist ++++ b/conf/Makefile.extra-dist +@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch +diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +new file mode 100644 +index 0000000..02e0631 +--- /dev/null ++++ b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +@@ -0,0 +1,15 @@ ++--- a/lib/regcomp.c 2020-11-24 17:06:08.159223858 +0000 +++++ b/lib/regcomp.c 2020-11-24 17:06:15.630253923 +0000 ++@@ -3808,11 +3808,7 @@ ++ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right, ++ re_token_type_t 
type) ++ { ++- re_token_t t; ++-#if defined GCC_LINT || defined lint ++- memset (&t, 0, sizeof t); ++-#endif ++- t.type = type; +++ re_token_t t = { .type = type }; ++ return create_token_tree (dfa, left, right, &t); ++ } ++ diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index e7168e75ea..4ddb9fc4f1 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -58,6 +58,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ + file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
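Review bot: The commit message for the create_tree() hunk says the change was taken from the latest gnulib but names no gnulib commit, and Upstream-Status points only at the GRUB commit. Recording the gnulib revision alongside it would let a later gnulib resync drop fix-regcomp-uninit-token.patch with confidence. On the code itself, "re_token_t t = { .type = type };" zero-initializes the remaining members in every build, where the removed memset did so only under GCC_LINT or lint, so this changes behaviour for normal builds and is worth saying in the message.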
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 13/46][dunfell] grub: add a fix for unnecessary assignements
Date: Fri, 18 Feb 2022 11:05:21 +0100
Message-Id: <20220218100554.1315511-14-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161901

Add a fix for unnecessary assignments in grub's io/lzopio. This patch is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
---
 ...e-unnecessary-self-assignment-errors.patch | 41 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc | 1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch

diff --git a/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch b/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch new file mode 100644 index 0000000000..1190b0d090 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
@@ -0,0 +1,41 @@ +From c529ca446424f1a9c64f0007dfe31fa7645d13ac Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:44:10 +0000 +Subject: [PATCH] io/lzopio: Resolve unnecessary self-assignment errors + +These 2 assignments are unnecessary since they are just assigning +to themselves. + +Fixes: CID 73643 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=59666e520f44177c97b82a44c169b3b315d63b42] +Signed-off-by: Marta Rybczynska +--- + grub-core/io/lzopio.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c +index 3014485..a7d4425 100644 +--- a/grub-core/io/lzopio.c ++++ b/grub-core/io/lzopio.c +@@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ucheck)) != + sizeof (lzopio->block.ucheck)) + return -1; +- +- lzopio->block.ucheck = lzopio->block.ucheck; + } + + /* Read checksum of compressed data. */ +@@ -143,8 +141,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ccheck)) != + sizeof (lzopio->block.ccheck)) + return -1; +- +- lzopio->block.ccheck = lzopio->block.ccheck; + } + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 4ddb9fc4f1..1906a28f30 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -59,6 +59,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ + file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
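Review bot: Both lines removed from read_block_header() follow a raw read into lzopio->block.ucheck and lzopio->block.ccheck, which is the shape a dropped byte-order conversion would leave behind. Before taking the deletion as a pure cleanup, please confirm that the later checksum comparison expects these fields in on-disk byte order; if it does, a one-line comment at the two sites would keep a conversion from being added back later. Since the hunks shown change no behaviour, the commit message could also say why this cleanup is needed on a stable branch.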
From: Marta Rybczynska
To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [PATCH 14/46][dunfell] grub: add structure initialization in zstd
Date: Fri, 18 Feb 2022 11:05:22 +0100
Message-Id: <20220218100554.1315511-15-rybczynska@gmail.com>
In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com>
References: <20220218100554.1315511-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161902

This patch adds initialization of a structure in grub's zstd, which might be left uninitialized by the compiler. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska
---
 ...std-Initialize-seq_t-structure-fully.patch | 34 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch

diff --git a/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch b/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch new file mode 100644 index 0000000000..19d881c1ca --- /dev/null +++ b/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch
@@ -0,0 +1,34 @@ +From f55ffe6bd8b844a8cd9956702f42ac2eb96ad56f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:29:59 +0000 +Subject: [PATCH] zstd: Initialize seq_t structure fully + +While many compilers will initialize this to zero, not all will, so it +is better to be sure that fields not being explicitly set are at known +values, and there is code that checks this fields value elsewhere in the +code. + +Fixes: CID 292440 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2777cf4466719921dbe4b30af358a75e7d76f217] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/zstd/zstd_decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/zstd/zstd_decompress.c b/grub-core/lib/zstd/zstd_decompress.c +index 711b5b6..e4b5670 100644 +--- a/grub-core/lib/zstd/zstd_decompress.c ++++ b/grub-core/lib/zstd/zstd_decompress.c +@@ -1325,7 +1325,7 @@ typedef enum { ZSTD_lo_isRegularOffset, ZSTD_lo_isLongOffset=1 } ZSTD_longOffset + FORCE_INLINE_TEMPLATE seq_t + ZSTD_decodeSequence(seqState_t* seqState, const ZSTD_longOffset_e longOffsets) + { +- seq_t seq; ++ seq_t seq = {0}; + U32 const llBits = seqState->stateLL.table[seqState->stateLL.state].nbAdditionalBits; + U32 const mlBits = seqState->stateML.table[seqState->stateML.state].nbAdditionalBits; + U32 const ofBits = seqState->stateOffb.table[seqState->stateOffb.state].nbAdditionalBits; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1906a28f30..7cf4d64149 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -60,6 +60,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ + file://0014-zstd-Initialize-seq_t-structure-fully.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
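Review bot: In the zstd_decompress.c hunk at ZSTD_decodeSequence(), neither the commit message nor the code says which seq_t member was previously left unset and is "checked elsewhere". Name that member in the commit message or in a short comment next to "seq_t seq = {0};", so that a later resync of the bundled zstd sources does not drop the initializer as redundant.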
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 15/46][dunfell] grub: add a missing NULL check Date: Fri, 18 Feb 2022 11:05:23 +0100 Message-Id: <20220218100554.1315511-16-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161903 This fix adds a missing check for NULL pointer from an external source in grub's kern/partition. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...heck-for-NULL-before-dereferencing-i.patch | 43 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch diff --git a/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch b/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch new file mode 100644 index 0000000000..af9fcd45cc --- /dev/null +++ b/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch 
@@ -0,0 +1,43 @@ +From 0da8ef2e03a8591586b53a29af92d2ace76a04e3 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 09:49:59 +0000 +Subject: [PATCH] kern/partition: Check for NULL before dereferencing input + string + +There is the possibility that the value of str comes from an external +source and continuing to use it before ever checking its validity is +wrong. So, needs fixing. + +Additionally, drop unneeded part initialization. + +Fixes: CID 292444 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bc9c468a2ce84bc767234eec888b71f1bc744fff] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/partition.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c +index e499147..b10a184 100644 +--- a/grub-core/kern/partition.c ++++ b/grub-core/kern/partition.c +@@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t partmap, + grub_partition_t + grub_partition_probe (struct grub_disk *disk, const char *str) + { +- grub_partition_t part = 0; ++ grub_partition_t part; + grub_partition_t curpart = 0; + grub_partition_t tail; + const char *ptr; + ++ if (str == NULL) ++ return 0; ++ + part = tail = disk->partition; + + for (ptr = str; *ptr;) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7cf4d64149..94b89aa643 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -61,6 +61,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ file://0014-zstd-Initialize-seq_t-structure-fully.patch \ + file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
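Review bot: In the grub_partition_probe() hunk the new guard covers str only, while disk is dereferenced by the very next statement (part = tail = disk->partition;) with no check in the visible lines. If the arguments can come from an external source, as the commit message says of str, either guard disk as well or state why it cannot be NULL here. Minor style point: the guard compares against NULL but returns 0; "return NULL;" would match the pointer return type.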
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 16/46][dunfell] grub: fix a memory leak Date: Fri, 18 Feb 2022 11:05:24 +0100 Message-Id: <20220218100554.1315511-17-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161904 Add a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...re-comp-data-is-freed-before-exiting.patch | 128 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch diff --git a/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch b/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch new file mode 100644 index 0000000000..c1687c75d0 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch 
@@ -0,0 +1,128 @@ +From 0c5d0fd796e6cafba179321de396681a493c4158 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 7 Dec 2020 11:53:03 -0300 +Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from + make_vg() + +Several error handling paths in make_vg() do not free comp data before +jumping to fail2 label and returning from the function. This will leak +memory. So, let's fix all issues of that kind. + +Fixes: CID 73804 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=23e39f50ca7a107f6b66396ed4d177a914dee035] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 44 insertions(+), 7 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 58f8a53..428415f 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk, + comp->segments = grub_calloc (comp->segment_alloc, + sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + } + else + { +@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk, + comp->segment_count = 1; + comp->segments = grub_malloc (sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + comp->segments->start_extent = 0; + comp->segments->extent_count = lv->size; + comp->segments->layout = 0; +@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk, + comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK; + } + else +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + ptr += *ptr + 1; + ptr++; + if (!(vblk[i].flags & 0x10)) +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto 
fail2; ++ } + if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic) + || ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++ grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk, + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++ grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk, + comp->segments->nodes = grub_calloc (comp->segments->node_alloc, + sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + } + + if (lv->segments->node_alloc == lv->segments->node_count) +@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk, + + if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || + grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) +- goto fail2; ++ { ++ grub_free (comp->segments->nodes); ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + + t = grub_realloc (lv->segments->nodes, sz); + if (!t) +- goto fail2; ++ { ++ grub_free (comp->segments->nodes); ++ grub_free (comp->segments); ++ grub_free (comp->internal_id); ++ grub_free (comp); ++ goto fail2; ++ } + lv->segments->nodes = t; + } + lv->segments->nodes[lv->segments->node_count].pv = 0; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 94b89aa643..479e2f71f2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -62,6 +62,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ file://0014-zstd-Initialize-seq_t-structure-fully.patch \ file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ + file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
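Review bot: In the ldm.c hunk at @@ -601,7 +621,12 @@ the result of grub_calloc() is stored in comp->segments->nodes, but the condition that guards the new cleanup block is "if (!lv->segments->nodes)", so a failed allocation for comp does not reach the added frees. The test should read comp->segments->nodes; as this is a backport, the same point applies to the upstream commit it is taken from.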
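Review bot: The same run of grub_free() calls is now repeated in every error path that the ldm.c hunks touch (from @@ -554,7 +554,11 @@ through @@ -611,11 +636,23 @@), and this patch itself had to add a missing "grub_free (comp->segments);" to two blocks that already freed comp->internal_id and comp. A single cleanup label ahead of fail2 that releases comp and its members would keep these paths from drifting apart again; it would have to check comp->segments for NULL before touching its nodes member.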
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 17/46][dunfell] grub: fix a memory leak Date: Fri, 18 Feb 2022 11:05:25 +0100 Message-Id: <20220218100554.1315511-18-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161905 This patch adds a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...-If-failed-then-free-vg-variable-too.patch | 28 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch diff --git a/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch b/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch new file mode 100644 index 0000000000..ecdb230f76 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch 
@@ -0,0 +1,28 @@ +From 253485e8df3c9dedac848567e638157530184295 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 7 Dec 2020 10:07:47 -0300 +Subject: [PATCH] disk/ldm: If failed then free vg variable too + +Fixes: CID 73809 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e0b83df5da538d2a38f770e60817b3a4b9d5b4d7] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 428415f..54713f4 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -199,6 +199,7 @@ make_vg (grub_disk_t disk, + { + grub_free (vg->uuid); + grub_free (vg->name); ++ grub_free (vg); + return NULL; + } + grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 479e2f71f2..a8ee0dd68a 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -63,6 +63,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0014-zstd-Initialize-seq_t-structure-fully.patch \ file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ + file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
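Review bot: The commit message for the ldm.c hunk at @@ -199,6 +199,7 @@ consists of the CID reference only. Add one sentence saying that this error block in make_vg() already freed vg->uuid and vg->name but returned NULL without freeing vg itself, so the backport can be matched to the leak without opening the Coverity report.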
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 18/46][dunfell] grub: fix a memory leak Date: Fri, 18 Feb 2022 11:05:26 +0100 Message-Id: <20220218100554.1315511-19-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161906 Add a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...ory-leak-on-uninserted-lv-references.patch | 50 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch diff --git a/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch b/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch new file mode 100644 index 0000000000..26932f674c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
@@ -0,0 +1,50 @@ +From 3e1d2f1959acbe5152cdd5818d495f6455d1a158 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 10:00:51 +0000 +Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references + +The problem here is that the memory allocated to the variable lv is not +yet inserted into the list that is being processed at the label fail2. + +As we can already see at line 342, which correctly frees lv before going +to fail2, we should also be doing that at these earlier jumps to fail2. + +Fixes: CID 73824 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=156c281a1625dc73fd350530630c6f2d5673d4f6] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 54713f4..e82e989 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk, + lv->visible = 1; + lv->segments = grub_zalloc (sizeof (*lv->segments)); + if (!lv->segments) +- goto fail2; ++ { ++ grub_free (lv); ++ goto fail2; ++ } + lv->segments->start_extent = 0; + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; +@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk, + lv->segments->nodes = grub_calloc (lv->segments->node_alloc, + sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++ grub_free (lv); ++ goto fail2; ++ } + ptr = vblk[i].dynamic; + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a8ee0dd68a..2fccdc2d62 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -64,6 +64,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ + file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
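Review bot: In the second ldm.c hunk (@@ -329,7 +332,10 @@) the new block frees lv but not lv->segments, which the first hunk shows was allocated with grub_zalloc() and found non-NULL immediately before. Since lv is not yet on the list that fail2 processes, as the commit message explains, that allocation still leaks when the grub_calloc() for lv->segments->nodes fails. Suggest adding "grub_free (lv->segments);" ahead of "grub_free (lv);" in that block.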
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 19/46][dunfell] grub: fix an integer overflow Date: Fri, 18 Feb 2022 11:05:27 +0100 Message-Id: <20220218100554.1315511-20-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161907 This patch fixes a potential overflow in grub's disk/cryptodisk. It is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...odisk-Fix-potential-integer-overflow.patch | 50 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch diff --git a/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000000..dd7fda357d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch 
@@ -0,0 +1,50 @@ +From 2550aaa0c23fdf8b6c54e00c6b838f2e3aa81fe2 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 21 Jan 2021 11:38:31 +0000 +Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow + +The encrypt and decrypt functions expect a grub_size_t. So, we need to +ensure that the constant bit shift is using grub_size_t rather than +unsigned int when it is performing the shift. + +Fixes: CID 307788 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a201ad17caa430aa710654fdf2e6ab4c8166f031] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/cryptodisk.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index 5037768..6883f48 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_CBC: + if (do_encrypt) + err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; +@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_PCBC: + if (do_encrypt) + err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2fccdc2d62..130f32551b 100644 
--- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -65,6 +65,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ + file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3773
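Review bot: in the grub_cryptodisk_endecrypt hunks of 0019-disk-cryptodisk-Fix-potential-integer-overflow.patch, the cast to grub_size_t widens the left operand, but nothing in the changed lines bounds dev->log_sector_size, so a shift count at or above the width of grub_size_t is still undefined. Please confirm that log_sector_size is validated where the device is set up. Only the GRUB_CRYPTODISK_MODE_CBC and GRUB_CRYPTODISK_MODE_PCBC cases are touched; if any other case of the switch passes (1U << dev->log_sector_size) as a length, it needs the same change.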
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 20/46][dunfell] grub: add a fix for a length check Date: Fri, 18 Feb 2022 11:05:28 +0100 Message-Id: <20220218100554.1315511-21-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161908 This patch adds a fix for a volume name length check in grub's hfsplus. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...that-the-volume-name-length-is-valid.patch | 43 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch diff --git a/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch new file mode 100644 index 0000000000..eb459c547f --- /dev/null +++ b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch 
@@ -0,0 +1,43 @@ +From 7c1813eeec78892fa651046cc224ae4e80d0c94d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 17:09:31 +0000 +Subject: [PATCH] hfsplus: Check that the volume name length is valid + +HFS+ documentation suggests that the maximum filename and volume name is +255 Unicode characters in length. + +So, when converting from big-endian to little-endian, we should ensure +that the name of the volume has a length that is between 0 and 255, +inclusive. + +Fixes: CID 73641 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2298f6e0d951251bb9ca97d891d1bc8b74515f8c] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/hfsplus.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index dae43be..03c3c4c 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -1007,6 +1007,15 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); ++ ++ /* Ensure that the length is >= 0. */ ++ if (label_len < 0) ++ label_len = 0; ++ ++ /* Ensure label length is at most 255 Unicode characters. */ ++ if (label_len > 255) ++ label_len = 255; ++ + label_name = grub_calloc (label_len, sizeof (*label_name)); + if (!label_name) + { diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 130f32551b..3c5274fd96 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -66,6 +66,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ + file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3774
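Review bot: in the grub_hfsplus_label hunk of 0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch, label_len is assigned from grub_be_to_cpu16 (catkey->namelen), so unless label_len is declared as a signed 16-bit type the new "if (label_len < 0)" branch can never be taken; the declaration is outside the hunk and should be checked. When label_len is 0, grub_calloc (label_len, sizeof (*label_name)) is called with a zero count, and the following "if (!label_name)" treats a NULL result as an allocation failure if the allocator returns NULL for a zero-sized request, so an empty name deserves an explicit early path. A namelen above 255 is also silently truncated rather than reported, which hides a malformed catalog key from the caller.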
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 21/46][dunfell] grub: add a fix for a possible negative shift Date: Fri, 18 Feb 2022 11:05:29 +0100 Message-Id: <20220218100554.1315511-22-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161909 This patch adds a fix for a possible negative shift in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...ix-possible-negative-shift-operation.patch | 42 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch diff --git a/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch b/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch new file mode 100644 index 0000000000..12418858f9 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch 
@@ -0,0 +1,42 @@ +From c757779e5d09719666c3b155afd2421978a107bd Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 16:41:49 +0000 +Subject: [PATCH] zfs: Fix possible negative shift operation + +While it is possible for the return value from zfs_log2() to be zero +(0), it is quite unlikely, given that the previous assignment to blksz +is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the +assignment to epbs. + +But, while unlikely during a normal operation, it may be that a carefully +crafted ZFS filesystem could result in a zero (0) value to the +dn_datalbkszsec field, which means that the shift left does nothing +and assigns zero (0) to blksz, resulting in a negative epbs value. + +Fixes: CID 73608 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a02091834d3e167320d8a262ff04b8e83c5e616d] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 36d0373..0c42cba 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type, + blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec, + mdn->endian) << SPA_MINBLOCKSHIFT; + epbs = zfs_log2 (blksz) - DNODE_SHIFT; ++ ++ /* While this should never happen, we should check that epbs is not negative. */ ++ if (epbs < 0) ++ epbs = 0; ++ + blkid = objnum >> epbs; + idx = objnum & ((1 << epbs) - 1); + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 3c5274fd96..360e86685b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -67,6 +67,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ + file://0021-zfs-Fix-possible-negative-shift-operation.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3775
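Review bot: in the dnode_get hunk of 0021-zfs-Fix-possible-negative-shift-operation.patch, clamping epbs to 0 keeps parsing a dnode whose block size is already known to be invalid, and blkid and idx are then derived from it as if the value were sane. The commit message names a crafted filesystem with a zero dn_datablkszsec as the trigger, so rejecting blksz == 0 with an error before zfs_log2 (blksz) is evaluated would be the more defensive fix. dnode_get_path in the same file, visible in the next patch of this series, already returns GRUB_ERR_BAD_FS with "0-sized block" for that condition.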
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 22/46][dunfell] grub: add a fix for a memory leak Date: Fri, 18 Feb 2022 11:05:30 +0100 Message-Id: <20220218100554.1315511-23-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161910 This patch adds a fix for a memory leak in grub's path construction in zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...source-leaks-while-constructing-path.patch | 121 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 122 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch diff --git a/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch b/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch new file mode 100644 index 0000000000..5ded5520e9 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch 
@@ -0,0 +1,121 @@ +From 83fdffc07ec4586b375ab36189f255ffbd8f99c2 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 14 Dec 2020 18:54:49 -0300 +Subject: [PATCH] zfs: Fix resource leaks while constructing path + +There are several exit points in dnode_get_path() that are causing possible +memory leaks. + +In the while(1) the correct exit mechanism should not be to do a direct return, +but to instead break out of the loop, setting err first if it is not already set. + +The reason behind this is that the dnode_path is a linked list, and while doing +through this loop, it is being allocated and built up - the only way to +correctly unravel it is to traverse it, which is what is being done at the end +of the function outside of the loop. + +Several of the existing exit points correctly did a break, but not all so this +change makes that more consistent and should resolve the leaking of memory as +found by Coverity. + +Fixes: CID 73741 + +Signed-off-by: Paulo Flabiano Smorigo +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=89bdab965805e8d54d7f75349024e1a11cbe2eb8] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 0c42cba..9087a72 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS) + { +- grub_free (path_buf); +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++ break; + } + err = zap_lookup (&(dnode_path->dn), cname, &objnum, + data, subvol->case_insensitive); +@@ -2879,11 +2879,18 @@ dnode_get_path (struct subvolume *subvol, const 
char *path_in, dnode_end_t *dn, + << SPA_MINBLOCKSHIFT); + + if (blksz == 0) +- return grub_error(GRUB_ERR_BAD_FS, "0-sized block"); ++ { ++ err = grub_error (GRUB_ERR_BAD_FS, "0-sized block"); ++ break; ++ } + + sym_value = grub_malloc (sym_sz); + if (!sym_value) +- return grub_errno; ++ { ++ err = grub_errno; ++ break; ++ } ++ + for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++) + { + void *t; +@@ -2893,7 +2900,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (err) + { + grub_free (sym_value); +- return err; ++ break; + } + + movesize = sym_sz - block * blksz; +@@ -2903,6 +2910,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_memcpy (sym_value + block * blksz, t, movesize); + grub_free (t); + } ++ if (err) ++ break; + free_symval = 1; + } + path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1); +@@ -2911,7 +2920,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_free (oldpathbuf); + if (free_symval) + grub_free (sym_value); +- return grub_errno; ++ err = grub_errno; ++ break; + } + grub_memcpy (path, sym_value, sym_sz); + if (free_symval) +@@ -2949,11 +2959,12 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + err = zio_read (bp, dnode_path->dn.endian, &sahdrp, NULL, data); + if (err) +- return err; ++ break; + } + else + { +- return grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt"); ++ err = grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt"); ++ break; + } + + hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp)); +@@ -2974,7 +2985,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (!path_buf) + { + grub_free (oldpathbuf); +- return grub_errno; ++ err = grub_errno; ++ break; + } + grub_memcpy (path, sym_value, sym_sz); + path [sym_sz] = 0; 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 360e86685b..1630235edd 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -68,6 +68,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ file://0021-zfs-Fix-possible-negative-shift-operation.patch \ + file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3776
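Review bot: in the first dnode_get_path hunk of 0022-zfs-Fix-resource-leaks-while-constructing-path.patch (the DMU_OT_DIRECTORY_CONTENTS check), grub_free (path_buf) is dropped together with the direct return, so path_buf is now released only if the cleanup after the loop frees it. That cleanup is outside the visible hunks; please confirm it covers path_buf, otherwise this exit trades the dnode_path leak for a path_buf leak.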
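Review bot: in the symlink-reading hunks of dnode_get_path, the error exits that now break still call grub_free (sym_value) and grub_free (oldpathbuf) locally before leaving the loop. If the code after the loop also releases either pointer, these exits become double frees, so each one should be checked against the post-loop cleanup, or the pointers should be set to NULL after freeing.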
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 23/46][dunfell] grub: add a fix for possible integer overflows Date: Fri, 18 Feb 2022 11:05:31 +0100 Message-Id: <20220218100554.1315511-24-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161911 This patch adds a fix for possible integer overflows in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...3-zfs-Fix-possible-integer-overflows.patch | 56 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch diff --git a/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch b/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch new file mode 100644 index 0000000000..8df758b41f --- /dev/null +++ b/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch 
@@ -0,0 +1,56 @@ +From ec35d862f3567671048aa0d0d8ad1ded1fd25336 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 22:17:04 +0000 +Subject: [PATCH] zfs: Fix possible integer overflows + +In all cases the problem is that the value being acted upon by +a left-shift is a 32-bit number which is then being used in the +context of a 64-bit number. + +To avoid overflow we ensure that the number being shifted is 64-bit +before the shift is done. + +Fixes: CID 73684, CID 73695, CID 73764 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=302c12ff5714bc455949117c1c9548ccb324d55b] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 9087a72..b078ccc 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array, + ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array + + ((i << ub_shift) + / sizeof (grub_properly_aligned_t))); +- err = uberblock_verify (ubptr, offset, 1 << ub_shift); ++ err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift); + if (err) + { + grub_errno = GRUB_ERR_NONE; +@@ -1543,7 +1543,7 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + high = grub_divmod64 ((offset >> desc->ashift) + c, + desc->n_children, &devn); +- csize = bsize << desc->ashift; ++ csize = (grub_size_t) bsize << desc->ashift; + if (csize > len) + csize = len; + +@@ -1635,8 +1635,8 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + while (len > 0) + { +- grub_size_t csize; +- csize = ((s / (desc->n_children - desc->nparity)) ++ grub_size_t csize = s; ++ csize = ((csize / (desc->n_children - desc->nparity)) + << desc->ashift); + if (csize > len) + csize = len; 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1630235edd..9158fc7f50 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -69,6 +69,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ file://0021-zfs-Fix-possible-negative-shift-operation.patch \ file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ + file://0023-zfs-Fix-possible-integer-overflows.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
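Review bot: In the find_bestub hunk and the first read_device hunk of 0023-zfs-Fix-possible-integer-overflows.patch the operand is widened to grub_size_t, while the commit message says the shifted value must be 64-bit; wherever grub_size_t is narrower than 64 bits the shift is still evaluated at that narrower width, so either cast to grub_uint64_t or reword the message to say the shift is done in the width of the destination. The context line `((i << ub_shift)` in the first hunk keeps an unwidened shift of `i` right next to the fixed one and deserves the same look. In the last hunk, initialising `csize = s` only to overwrite it on the next line is hard to read; `csize = ((grub_size_t) s / (desc->n_children - desc->nparity)) << desc->ashift;` says the same thing in one statement.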
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 24/46][dunfell] grub: fix an error check Date: Fri, 18 Feb 2022 11:05:32 +0100 Message-Id: <20220218100554.1315511-25-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161912 This patch fixes an error check in grub's zfsinfo. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...-a-check-for-error-allocating-memory.patch | 35 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch diff --git a/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch b/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch new file mode 100644 index 0000000000..555dc19168 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch 
@@ -0,0 +1,35 @@ +From b085da8efda9b81f94aa197ee045226563554fdf Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:56:45 +0000 +Subject: [PATCH] zfsinfo: Correct a check for error allocating memory + +While arguably the check for grub_errno is correct, we should really be +checking the return value from the function since it is always possible +that grub_errno was set elsewhere, making this code behave incorrectly. + +Fixes: CID 73668 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7aab03418ec6a9b991aa44416cb2585aff4e7972] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfsinfo.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c +index c8a28ac..bf29180 100644 +--- a/grub-core/fs/zfs/zfsinfo.c ++++ b/grub-core/fs/zfs/zfsinfo.c +@@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ ((unused)), int argc, + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + + devname = grub_file_get_device_name (args[0]); +- if (grub_errno) +- return grub_errno; ++ if (devname == NULL) ++ return GRUB_ERR_OUT_OF_MEMORY; + + dev = grub_device_open (devname); + grub_free (devname); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 9158fc7f50..a660c069db 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -70,6 +70,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0021-zfs-Fix-possible-negative-shift-operation.patch \ file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ file://0023-zfs-Fix-possible-integer-overflows.patch \ + file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
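Review bot: The new `if (devname == NULL) return GRUB_ERR_OUT_OF_MEMORY;` in grub_cmd_zfs_bootfs treats every NULL from grub_file_get_device_name() as an allocation failure and returns a bare code, unlike the `grub_error (GRUB_ERR_BAD_ARGUMENT, ...)` return two lines above it, so no error message is recorded on this path. Please confirm the function has no other NULL case (for example an argument that names no device); if it has one, return grub_errno when it is set and fall back to an out-of-memory report through grub_error() only otherwise.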
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 25/46][dunfell] grub: add a fix for a memory leak Date: Fri, 18 Feb 2022 11:05:33 +0100 Message-Id: <20220218100554.1315511-26-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161913 This patch fixes a memory leak in grub's affs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- .../files/0025-affs-Fix-memory-leaks.patch | 82 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch diff --git a/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch new file mode 100644 index 0000000000..435130516c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch 
@@ -0,0 +1,82 @@ +From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:48:07 +0000 +Subject: [PATCH] affs: Fix memory leaks + +The node structure reference is being allocated but not freed if it +reaches the end of the function. If any of the hooks had returned +a non-zero value, then node would have been copied in to the context +reference, but otherwise node is not stored and should be freed. + +Similarly, the call to grub_affs_create_node() replaces the allocated +memory in node with a newly allocated structure, leaking the existing +memory pointed by node. + +Finally, when dir->parent is set, then we again replace node with newly +allocated memory, which seems unnecessary when we copy in the values +from dir->parent immediately after. + +Fixes: CID 73759 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/affs.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index 220b371..230e26a 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + { + unsigned int i; + struct grub_affs_file file; +- struct grub_fshelp_node *node = 0; ++ struct grub_fshelp_node *node, *orig_node; + struct grub_affs_data *data = dir->data; + grub_uint32_t *hashtable; + + /* Create the directory entries for `.' and `..'. 
*/ +- node = grub_zalloc (sizeof (*node)); ++ node = orig_node = grub_zalloc (sizeof (*node)); + if (!node) + return 1; + +@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + if (dir->parent) + { +- node = grub_zalloc (sizeof (*node)); +- if (!node) +- return 1; + *node = *dir->parent; + if (hook ("..", GRUB_FSHELP_DIR, node, hook_data)) + return 1; +@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + + if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable, + next, &file)) +- return 1; ++ { ++ /* Node has been replaced in function. */ ++ grub_free (orig_node); ++ return 1; ++ } + + next = grub_be_to_cpu32 (file.next); + } + } + +- grub_free (hashtable); +- return 0; +- + fail: +- grub_free (node); ++ grub_free (orig_node); + grub_free (hashtable); + return 0; + } diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a660c069db..13e2b1600d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -71,6 +71,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ file://0023-zfs-Fix-possible-integer-overflows.patch \ file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ + file://0025-affs-Fix-memory-leaks.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
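Review bot: In the third hunk of the affs.c change, the new error branch after grub_affs_create_node() frees orig_node and returns 1 without touching hashtable, while the path through `fail:` frees both; unless grub_affs_create_node() releases the table through the `&hashtable` argument when it fails, this return still leaks it, and a short comment stating who owns hashtable at that point would settle the question. The last hunk also makes the success path fall through into `fail:`, which returns 0; renaming the label (for example to `out:`) or adding a comment would keep the next reader from taking it for an error-only path. With the `= 0` initialiser removed in the first hunk, `node` and `orig_node` are uninitialised until the grub_zalloc() line, so nothing that can jump to the label should ever be inserted between the declarations and that assignment.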
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 26/46][dunfell] grub: add a fix for a possible unintended sign extension Date: Fri, 18 Feb 2022 11:05:34 +0100 Message-Id: <20220218100554.1315511-27-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161914 This patch fixes a possible unintended sign extension in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...x-possible-unintended-sign-extension.patch | 36 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch diff --git a/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch b/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch new file mode 100644 index 0000000000..f500f1a296 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch 
@@ -0,0 +1,36 @@ +From 9b16d7bcad1c7fea7f26eb2fb3af1a5ca70ba34e Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 3 Nov 2020 16:43:37 +0000 +Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension + +The array of unsigned char gets promoted to a signed 32-bit int before +it is finally promoted to a size_t. There is the possibility that this +may result in the signed-bit being set for the intermediate signed +32-bit int. We should ensure that the promotion is to the correct type +before we bitwise-OR the values. + +Fixes: CID 96697 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e8814c811132a70f9b55418f7567378a34ad3883] +Signed-off-by: Marta Rybczynska + +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index a3435ed..7ecad27 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c ++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + if (len && len < 4) + return gcry_error (GPG_ERR_TOO_SHORT); + +- n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]); ++ n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]); + s += 4; + if (len) + len -= 4; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 13e2b1600d..be35ac04ef 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -72,6 +72,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0023-zfs-Fix-possible-integer-overflows.patch \ file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ file://0025-affs-Fix-memory-leaks.patch \ + file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
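Review bot: The replacement line in the gcry_mpi_scan hunk departs from the style used elsewhere in this series: the casts are written `(size_t)s[0]` without the space seen in `(grub_size_t) 1` in the zfs patch, the outer parentheses are redundant, and the line runs well past 80 columns. Splitting the expression with one byte per line would fix the length and make it easy to see that each operand is widened before its shift, which is the whole point of the change.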
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 27/46][dunfell] grub: add a fix for a possible NULL dereference Date: Fri, 18 Feb 2022 11:05:35 +0100 Message-Id: <20220218100554.1315511-28-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161915 This patch adds a fix for a possible NULL dereference in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...pt-mpi-Fix-possible-NULL-dereference.patch | 33 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch diff --git a/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch b/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch new file mode 100644 index 0000000000..08299d021e --- /dev/null +++ b/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch 
@@ -0,0 +1,33 @@ +From d26c8771293637b0465f2cb67d97cb58bacc62da Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:41:54 +0000 +Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference + +The code in gcry_mpi_scan() assumes that buffer is not NULL, but there +is no explicit check for that, so we add one. + +Fixes: CID 73757 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ae0f3fabeba7b393113d5dc185b6aff9b728136d] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index 7ecad27..6fe3891 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c ++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + unsigned int len; + int secure = (buffer && gcry_is_secure (buffer)); + ++ if (!buffer) ++ return gcry_error (GPG_ERR_INV_ARG); ++ + if (format == GCRYMPI_FMT_SSH) + len = 0; + else diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index be35ac04ef..ef409bdd6a 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -73,6 +73,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ file://0025-affs-Fix-memory-leaks.patch \ file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ + file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
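Review bot: The added `if (!buffer)` return in gcry_mpi_scan sits after the `secure` initialiser, so the `buffer &&` guard on that context line has to stay even though it now looks redundant; a one-line comment there, or declaring `secure` first and assigning it after the check, would stop someone from later simplifying it into an unguarded `gcry_is_secure (buffer)` call. The new path also returns without writing `*ret_mpi`; that is fine if the other error returns in this function behave the same way, but it is worth confirming that no caller reads the output pointer after a failure.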
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 28/46][dunfell] grub: add a fix for a memory leak Date: Fri, 18 Feb 2022 11:05:36 +0100 Message-Id: <20220218100554.1315511-29-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:48 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161916 This patch fixes a memory leak in grub's syslinux parsing. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...slinux-Fix-memory-leak-while-parsing.patch | 43 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch diff --git a/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch b/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch new file mode 100644 index 0000000000..d8c21d88f7 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch 
@@ -0,0 +1,43 @@ +From ea12feb69b6af93c7e2fa03df7ac3bd1f4edd599 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 15:31:53 +0000 +Subject: [PATCH] syslinux: Fix memory leak while parsing + +In syslinux_parse_real() the 2 points where return is being called +didn't release the memory stored in buf which is no longer required. + +Fixes: CID 176634 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=95bc016dba94cab3d398dd74160665915cd08ad6] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/syslinux_parse.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 4afa992..3acc6b4 100644 +--- a/grub-core/lib/syslinux_parse.c ++++ b/grub-core/lib/syslinux_parse.c +@@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu) + && grub_strncasecmp ("help", ptr3, ptr4 - ptr3) == 0)) + { + if (helptext (ptr5, file, menu)) +- return 1; ++ { ++ grub_free (buf); ++ return 1; ++ } + continue; + } + +@@ -757,6 +760,7 @@ syslinux_parse_real (struct syslinux_menu *menu) + } + fail: + grub_file_close (file); ++ grub_free (buf); + return err; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index ef409bdd6a..c965f0fd15 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -74,6 +74,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0025-affs-Fix-memory-leaks.patch \ file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ + file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3782
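Review bot: In 0028-syslinux-Fix-memory-leak-while-parsing.patch, the helptext() failure branch at @@ -737 now frees buf but still returns directly, so it skips the grub_file_close (file) that the fail: label performs, and it returns 1 while the common exit returns err. Setting err and using goto fail would release both buf and file through one exit path and make the extra grub_free (buf) in this branch unnecessary.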
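Review bot: In the same patch, the grub_free (buf) added under fail: at @@ -757 runs for every goto fail, and neither buf's declaration nor the loop that fills it is in the visible context. The call is only safe if buf is NULL or a live allocation at each jump, so check that buf starts as NULL and is never freed inside the loop without being reset, and state that in the commit message.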
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 29/46][dunfell] grub: add a fix for a memory leak Date: Fri, 18 Feb 2022 11:05:37 +0100 Message-Id: <20220218100554.1315511-30-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161917 This patch adds a fix for a memory leak in grub's normal/completion. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...n-Fix-leaking-of-memory-when-process.patch | 52 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch diff --git a/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch new file mode 100644 index 0000000000..8a26e5bc5b --- /dev/null +++ b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch 
@@ -0,0 +1,52 @@ +From 2367049d2021e00d82d19cee923e06a4b04ebc30 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 18:56:48 +0000 +Subject: [PATCH] normal/completion: Fix leaking of memory when processing a + completion + +It is possible for the code to reach the end of the function without +freeing the memory allocated to argv and argc still to be 0. + +We should always call grub_free(argv). The grub_free() will handle +a NULL argument correctly if it reaches that code without the memory +being allocated. + +Fixes: CID 96672 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9213575b7a95b514bce80be5964a28d407d7d56d] +Signed-off-by: Marta Rybczynska +--- + grub-core/normal/completion.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c +index 5961028..46e473c 100644 +--- a/grub-core/normal/completion.c ++++ b/grub-core/normal/completion.c +@@ -400,8 +400,8 @@ char * + grub_normal_do_completion (char *buf, int *restore, + void (*hook) (const char *, grub_completion_type_t, int)) + { +- int argc; +- char **argv; ++ int argc = 0; ++ char **argv = NULL; + + /* Initialize variables. */ + match = 0; +@@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore, + + fail: + if (argc != 0) +- { +- grub_free (argv[0]); +- grub_free (argv); +- } ++ grub_free (argv[0]); ++ grub_free (argv); + grub_free (match); + grub_errno = GRUB_ERR_NONE; + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index c965f0fd15..1460e559b9 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -75,6 +75,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ + file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3783
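Review bot: In 0029-normal-completion-Fix-leaking-of-memory-when-process.patch, the fail: block at @@ -516 keeps grub_free (argv[0]) behind if (argc != 0) while grub_free (argv) becomes unconditional, and with the braces gone the two adjacent calls are easy to misread as one guarded block. The guard also depends on argc never being non-zero while argv is still NULL, which the new initialisers at @@ -400 guarantee only if every later assignment sets both together; testing if (argv != NULL) instead, or adding a one-line comment, would make that explicit.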
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 30/46][dunfell] grub: fix a memory leak Date: Fri, 18 Feb 2022 11:05:38 +0100 Message-Id: <20220218100554.1315511-31-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161918 Add a fix of a memory leak in grub's commands/hashsum. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...0-commands-hashsum-Fix-a-memory-leak.patch | 56 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch diff --git a/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch b/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch new file mode 100644 index 0000000000..e34a19e12c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch 
@@ -0,0 +1,56 @@ +From b136fa14d26d1833ffcb852f86e65da5960cfb99 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 1 Dec 2020 23:41:24 +0000 +Subject: [PATCH] commands/hashsum: Fix a memory leak + +check_list() uses grub_file_getline(), which allocates a buffer. +If the hash list file contains invalid lines, the function leaks +this buffer when it returns an error. + +Fixes: CID 176635 + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3] +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/hashsum.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c +index 456ba90..b8a22b0 100644 +--- a/grub-core/commands/hashsum.c ++++ b/grub-core/commands/hashsum.c +@@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + high = hextoval (*p++); + low = hextoval (*p++); + if (high < 0 || low < 0) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++ grub_free (buf); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + expected[i] = (high << 4) | low; + } + if ((p[0] != ' ' && p[0] != '\t') || (p[1] != ' ' && p[1] != '\t')) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++ grub_free (buf); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + p += 2; + if (prefix) + { +@@ -140,7 +146,10 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + + filename = grub_xasprintf ("%s/%s", prefix, p); + if (!filename) +- return grub_errno; ++ { ++ grub_free (buf); ++ return grub_errno; ++ } + file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH + | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS + : GRUB_FILE_TYPE_NONE)); 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1460e559b9..d18e329b96 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -76,6 +76,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ + file://0030-commands-hashsum-Fix-a-memory-leak.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3784
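Review bot: In 0030-commands-hashsum-Fix-a-memory-leak.patch, the two "invalid hash list" returns at @@ -128 each gain their own grub_free (buf), and the grub_xasprintf() failure at @@ -140 gains a third copy. Hand-written cleanup repeated per return is easy to miss when another early exit is added to check_list(); a single error label that frees buf before returning would keep the fix in one place.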
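Review bot: At @@ -140 the grub_file_open (filename, ...) call that follows the patched grub_xasprintf() check appears only as context, so its failure handling is not shown. Both buf and filename are live at that point, so the error paths after this hunk need the same audit for both allocations.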
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 31/46][dunfell] grub: remove unneeded return value Date: Fri, 18 Feb 2022 11:05:39 +0100 Message-Id: <20220218100554.1315511-32-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161919 This patch removes an unneeded return value in grub's (static) grub_video_gop_fill_mode_info(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...move-unnecessary-return-value-of-gru.patch | 94 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 95 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch diff --git a/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch b/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch new file mode 100644 index 0000000000..7e4e951245 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch 
@@ -0,0 +1,94 @@ +From 2a1e5659763790201a342f8a897c8c9d8d91b1cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:14:31 +0000 +Subject: [PATCH] video/efi_gop: Remove unnecessary return value of + grub_video_gop_fill_mode_info() + +The return value of grub_video_gop_fill_mode_info() is never able to be +anything other than GRUB_ERR_NONE. So, rather than continue to return +a value and checking it each time, it is more correct to redefine the +function to not return anything and remove checks of its return value +altogether. + +Fixes: CID 96701 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fc5951d3b1616055ef81a019a5affc09d13344d0] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/efi_gop.c | 25 ++++++------------------- + 1 file changed, 6 insertions(+), 19 deletions(-) + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index 7f9d1c2..db2ee98 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -227,7 +227,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, + return GRUB_ERR_NONE; + } + +-static grub_err_t ++static void + grub_video_gop_fill_mode_info (unsigned mode, + struct grub_efi_gop_mode_info *in, + struct grub_video_mode_info *out) +@@ -252,8 +252,6 @@ grub_video_gop_fill_mode_info (unsigned mode, + out->blit_format = GRUB_VIDEO_BLIT_FORMAT_BGRA_8888; + out->mode_type |= (GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED + | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); +- +- return GRUB_ERR_NONE; + } + + static int +@@ -266,7 +264,6 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_uintn_t size; + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; +- grub_err_t err; + struct grub_video_mode_info mode_info; + + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); +@@ -277,12 +274,7 @@ grub_video_gop_iterate (int (*hook) (const struct 
grub_video_mode_info *info, vo + continue; + } + +- err = grub_video_gop_fill_mode_info (mode, info, &mode_info); +- if (err) +- { +- grub_errno = GRUB_ERR_NONE; +- continue; +- } ++ grub_video_gop_fill_mode_info (mode, info, &mode_info); + if (hook (&mode_info, hook_arg)) + return 1; + } +@@ -466,13 +458,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + + info = gop->mode->info; + +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- &framebuffer.mode_info); +- if (err) +- { +- grub_dprintf ("video", "GOP: couldn't fill mode info\n"); +- return err; +- } ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ &framebuffer.mode_info); + + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen +@@ -486,8 +473,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); + grub_errno = 0; +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- &framebuffer.mode_info); ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ &framebuffer.mode_info); + buffer = framebuffer.ptr; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index d18e329b96..24a269d90d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -77,6 +77,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ file://0030-commands-hashsum-Fix-a-memory-leak.patch \ + file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3785
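Review bot: In 0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch, grub_video_gop_iterate() at @@ -266 drops its grub_err_t err declaration together with the last use, but the grub_video_gop_setup() hunks at @@ -466 and @@ -486 remove two assignments to err without showing its declaration. If nothing else in that function assigns err, the variable is left unused or returned unset and should be removed in the same change; if it is still used, a line in the commit message saying so would help reviewers of the backport.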
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 32/46][dunfell] grub: fix an integer overflow Date: Fri, 18 Feb 2022 11:05:40 +0100 Message-Id: <20220218100554.1315511-33-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161920 This patch adds a fix for a potential integer overflow in grub's video/fb/fbfill. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...bfill-Fix-potential-integer-overflow.patch | 78 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch diff --git a/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch b/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch new file mode 100644 index 0000000000..8165ea3f71 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch 
@@ -0,0 +1,78 @@ +From 99ecf5a44b99d529a6405fe276bedcefa3657a0a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 15:10:51 +0000 +Subject: [PATCH] video/fb/fbfill: Fix potential integer overflow + +The multiplication of 2 unsigned 32-bit integers may overflow before +promotion to unsigned 64-bit. We should ensure that the multiplication +is done with overflow detection. Additionally, use grub_sub() for +subtraction. + +Fixes: CID 73640, CID 73697, CID 73702, CID 73823 + +Signed-off-by: Darren Kenny +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/fbfill.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c +index 11816d0..a37acd1 100644 +--- a/grub-core/video/fb/fbfill.c ++++ b/grub-core/video/fb/fbfill.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include + + /* Generic filler that works for every supported mode. */ +@@ -61,7 +62,9 @@ grub_video_fbfill_direct32 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -98,7 +101,9 @@ grub_video_fbfill_direct24 (struct grub_video_fbblit_info *dst, + #endif + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. 
*/ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -131,7 +136,9 @@ grub_video_fbfill_direct16 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = (dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width); ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -161,7 +168,9 @@ grub_video_fbfill_direct8 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) || ++ grub_sub (dst->mode_info->pitch, rowskip, &rowskip)) ++ return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 24a269d90d..710ab5e361 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -78,6 +78,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ file://0030-commands-hashsum-Fix-a-memory-leak.patch \ file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ + file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3786
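Review bot: In 0032-video-fb-fbfill-Fix-potential-integer-overflow.patch, the new check at @@ -61 makes grub_video_fbfill_direct32() return without filling anything and without reporting why when grub_mul() or grub_sub() detects overflow. Because the function returns nothing, a grub_dprintf() or a comment stating that a silent no-op is the intended result would help; rowskip's declaration is also outside the hunk, and its type decides what the checks count as overflow, so it should be confirmed.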
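Review bot: The same two-line grub_mul()/grub_sub() check is pasted into the direct24, direct16 and direct8 fillers at @@ -98, @@ -131 and @@ -161 as well. A small static helper that computes rowskip from dst->mode_info and width and reports failure would keep the four call sites identical if the calculation changes again.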
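The wrap that the video/fb/fbfill commit message above describes, as an added example that is not code from the patch or from GRUB: the pre-patch rowskip expression next to an overflow-checked form, run over the same inputs. The function names and sample values are constructed, and grub_mul()/grub_sub() are assumed to behave like the compiler's __builtin_mul_overflow()/__builtin_sub_overflow() with a 32-bit rowskip.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-patch shape of the calculation: both operands are 32-bit, so the
   product wraps modulo 2^32 before the result is widened to 64 bits, and
   the subtraction wraps again when the product is larger than pitch. */
static uint64_t rowskip_unchecked(uint32_t pitch, uint32_t bytes_per_pixel,
                                  uint32_t width)
{
  return pitch - bytes_per_pixel * width;
}

/* Patched shape: multiply and subtract with overflow detection.
   Returns the row skip in bytes, or -1 when either step would wrap.
   ASSUMPTION: grub_mul()/grub_sub() are modelled with the compiler
   builtins below, and rowskip is taken to be a 32-bit unsigned value. */
static int64_t rowskip_checked(uint32_t pitch, uint32_t bytes_per_pixel,
                               uint32_t width)
{
  uint32_t rowskip;

  if (__builtin_mul_overflow(bytes_per_pixel, width, &rowskip) ||
      __builtin_sub_overflow(pitch, rowskip, &rowskip))
    return -1;
  return (int64_t) rowskip;
}

int main(void)
{
  /* Constructed inputs: a 4096-byte pitch with 4 bytes per pixel. */
  static const struct { uint32_t width; const char *what; } cases[] = {
    { 1000u,       "fits in one scanline" },
    { 2000u,       "row is wider than pitch (subtraction wraps)" },
    { 0x40000001u, "product exceeds 32 bits (multiplication wraps)" },
  };
  const uint32_t pitch = 4096, bpp = 4;

  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
    {
      uint64_t before = rowskip_unchecked(pitch, bpp, cases[i].width);
      int64_t after = rowskip_checked(pitch, bpp, cases[i].width);

      printf("width=%" PRIu32 " (%s)\n", cases[i].width, cases[i].what);
      printf("  unchecked rowskip: %" PRIu64 "\n", before);
      if (after < 0)
        printf("  checked:           rejected\n");
      else
        printf("  checked rowskip:   %" PRId64 "\n", after);
    }
  return 0;
}
```

The third case is the one that is hard to spot in testing: the unchecked form yields a small, plausible-looking row skip instead of an obviously broken one.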
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 33/46][dunfell] grub: fix multiple integer overflows Date: Fri, 18 Feb 2022 11:05:41 +0100 Message-Id: <20220218100554.1315511-34-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161921 This patch adds a fix for multiple integer overflows in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...eo_fb-Fix-multiple-integer-overflows.patch | 104 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 105 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch diff --git a/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch b/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch new file mode 100644 index 0000000000..544e7f31ae --- /dev/null +++ b/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch 
@@ -0,0 +1,104 @@ +From 69b91f7466a5ad5fb85039a5b4118efb77ad6347 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 14:43:44 +0000 +Subject: [PATCH] video/fb/video_fb: Fix multiple integer overflows + +The calculation of the unsigned 64-bit value is being generated by +multiplying 2, signed or unsigned, 32-bit integers which may overflow +before promotion to unsigned 64-bit. Fix all of them. + +Fixes: CID 73703, CID 73767, CID 73833 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08e098b1dbf01e96376f594b337491bc4cfa48dd] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/video_fb.c | 52 ++++++++++++++++++++++++----------- + 1 file changed, 36 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1a602c8..1c9a138 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1417,15 +1418,23 @@ doublebuf_blit_update_screen (void) + { + if (framebuffer.current_dirty.first_line + <= framebuffer.current_dirty.last_line) +- grub_memcpy ((char *) framebuffer.pages[0] +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (framebuffer.current_dirty.last_line +- - framebuffer.current_dirty.first_line)); ++ { ++ grub_size_t copy_size; ++ ++ if (grub_sub (framebuffer.current_dirty.last_line, ++ framebuffer.current_dirty.first_line, ©_size) || ++ grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, ©_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. 
*/ ++ return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[0] + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++ } + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; + framebuffer.current_dirty.last_line = 0; +@@ -1439,7 +1448,7 @@ grub_video_fb_doublebuf_blit_init (struct grub_video_fbrender_target **back, + volatile void *framebuf) + { + grub_err_t err; +- grub_size_t page_size = mode_info.pitch * mode_info.height; ++ grub_size_t page_size = (grub_size_t) mode_info.pitch * mode_info.height; + + framebuffer.offscreen_buffer = grub_zalloc (page_size); + if (! framebuffer.offscreen_buffer) +@@ -1482,12 +1491,23 @@ doublebuf_pageflipping_update_screen (void) + last_line = framebuffer.previous_dirty.last_line; + + if (first_line <= last_line) +- grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] +- + first_line * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + first_line * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (last_line - first_line)); ++ { ++ grub_size_t copy_size; ++ ++ if (grub_sub (last_line, first_line, ©_size) || ++ grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, ©_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++ } ++ + framebuffer.previous_dirty = framebuffer.current_dirty; + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; 
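Review bot: in doublebuf_blit_update_screen() and doublebuf_pageflipping_update_screen() only the length passed to grub_memcpy() is now overflow-checked; the source and destination offsets are still computed inline as first_line * framebuffer.back_target->mode_info.pitch, the same kind of unchecked multiplication the commit message describes. Computing that offset once with grub_mul() into a grub_size_t and reusing it for both pointers would close the gap. Separately, grub_video_fb_doublebuf_blit_init() gets only a (grub_size_t) cast on mode_info.pitch, which widens nothing on a target where grub_size_t is 32 bits; grub_mul() with an error return, as in the two update functions, would be consistent.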
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 710ab5e361..8b5b9e3b3e 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -79,6 +79,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0030-commands-hashsum-Fix-a-memory-leak.patch \ file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ + file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3787
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 34/46][dunfell] grub: fix a possible integer overflow Date: Fri, 18 Feb 2022 11:05:42 +0100 Message-Id: <20220218100554.1315511-35-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161922 This patch adds a fix for a possible integer overflow in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...deo_fb-Fix-possible-integer-overflow.patch | 39 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch diff --git a/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch b/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch new file mode 100644 index 0000000000..c82b2c7df0 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch 
@@ -0,0 +1,39 @@ +From aac5574ff340a665ccc78d4c3d61596ac67acbbe Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 14:51:30 +0000 +Subject: [PATCH] video/fb/video_fb: Fix possible integer overflow + +It is minimal possibility that the values being used here will overflow. +So, change the code to use the safemath function grub_mul() to ensure +that doesn't happen. + +Fixes: CID 73761 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/video_fb.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1c9a138..ae6b89f 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info *mode_info, + volatile void *page1_ptr) + { + grub_err_t err; +- grub_size_t page_size = mode_info->pitch * mode_info->height; ++ grub_size_t page_size = 0; ++ ++ if (grub_mul (mode_info->pitch, mode_info->height, &page_size)) ++ { ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++ } + + framebuffer.offscreen_buffer = grub_malloc (page_size); + if (! framebuffer.offscreen_buffer) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 8b5b9e3b3e..04c9b4c092 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
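Review bot: the new overflow branch in doublebuf_pageflipping_init() returns a bare GRUB_ERR_BUG without calling grub_error(), so grub_errno and the error message are not set for a failure the comment itself calls a bug. Returning grub_error (GRUB_ERR_BUG, ...) with a short text naming the pitch * height overflow would make the condition diagnosable; the same applies to the identical branches added by 0033.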
@@ -80,6 +80,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ + file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3788
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 35/46][dunfell] grub: test for malformed jpeg files Date: Fri, 18 Feb 2022 11:05:43 +0100 Message-Id: <20220218100554.1315511-36-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161923 This patch adds a fix for handling malformed JPEG files in grub's video/readers/jpeg. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...eg-Test-for-an-invalid-next-marker-r.patch | 38 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch diff --git a/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch b/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch new file mode 100644 index 0000000000..3fca2aecb5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch 
@@ -0,0 +1,38 @@ +From 88361a7fd4e481a76e1159a63c9014fa997ef29c Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:39:00 +0000 +Subject: [PATCH] video/readers/jpeg: Test for an invalid next marker reference + from a jpeg file + +While it may never happen, and potentially could be caught at the end of +the function, it is worth checking up front for a bad reference to the +next marker just in case of a maliciously crafted file being provided. + +Fixes: CID 73694 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5f5eb7ca8e971227e95745abe541df3e1509360e] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/readers/jpeg.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 31359a4..0b6ce3c 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (next_marker > data->file->size) ++ { ++ /* Should never be set beyond the size of the file. */ ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid next reference"); ++ } ++ + while (data->file->offset + sizeof (data->quan_table[id]) + 1 + <= next_marker) + { diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 04c9b4c092..75782b7eb2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
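Review bot: the check added to grub_jpeg_decode_quan_table() bounds next_marker only from above, against data->file->size. If grub_jpeg_get_word() advances data->file->offset, a length word smaller than the bytes it consumed leaves next_marker behind the current offset, and that case is still left to the end-of-function test the commit message mentions. Rejecting next_marker < data->file->offset in the same if would fail both malformed lengths up front.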
@@ -81,6 +81,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ + file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3789
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 36/46][dunfell] grub: remove dead code Date: Fri, 18 Feb 2022 11:05:44 +0100 Message-Id: <20220218100554.1315511-37-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161924 This patch removes dead code from grub's gfxmenu/gui_list. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...-Remove-code-that-coverity-is-flaggi.patch | 34 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch diff --git a/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch b/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch new file mode 100644 index 0000000000..61e5e5797d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch 
@@ -0,0 +1,34 @@ +From 9433cb3a37c03f22c2fa769121f1f509fd031ae9 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Mon, 7 Dec 2020 14:44:47 +0000 +Subject: [PATCH] gfxmenu/gui_list: Remove code that coverity is flagging as + dead + +The test of value for NULL before calling grub_strdup() is not required, +since the if condition prior to this has already tested for value being +NULL and cannot reach this code if it is. + +Fixes: CID 73659 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4a1aa5917595650efbd46b581368c470ebee42ab] +Signed-off-by: Marta Rybczynska +--- + grub-core/gfxmenu/gui_list.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c +index 01477cd..df334a6 100644 +--- a/grub-core/gfxmenu/gui_list.c ++++ b/grub-core/gfxmenu/gui_list.c +@@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const char *value) + { + self->need_to_recreate_boxes = 1; + grub_free (self->selected_item_box_pattern); +- self->selected_item_box_pattern = value ? grub_strdup (value) : 0; ++ self->selected_item_box_pattern = grub_strdup (value); + self->selected_item_box_pattern_inherit = 0; + } + } diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 75782b7eb2..1a4be33fca 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
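Review bot: dropping the value ? ... : 0 guard in list_set_property() is only safe while the earlier NULL test on value described in the commit message is in place, and that test is outside the hunk's context lines. For this backport, confirm the dunfell grub source has the same preceding condition; a one-line comment at the grub_strdup (value) call naming that precondition would also help. The grub_strdup() result is stored unchecked, as it was before the change.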
@@ -82,6 +82,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ + file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3790
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 37/46][dunfell] grub: fix checking for NULL Date: Fri, 18 Feb 2022 11:05:45 +0100 Message-Id: <20220218100554.1315511-38-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161925 This patch adds a fix for checking for NULL in grub's loader/bsd. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...ader-bsd-Check-for-NULL-arg-up-front.patch | 47 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch diff --git a/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch new file mode 100644 index 0000000000..34643e10ab --- /dev/null +++ b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch 
@@ -0,0 +1,47 @@ +From 7899384c8fdf9ed96566978c49b0c6e40e70703d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:47:13 +0000 +Subject: [PATCH] loader/bsd: Check for NULL arg up-front + +The code in the next block suggests that it is possible for .set to be +true but .arg may still be NULL. + +This code assumes that it is never NULL, yet later is testing if it is +NULL - that is inconsistent. + +So we should check first if .arg is not NULL, and remove this check that +is being flagged by Coverity since it is no longer required. + +Fixes: CID 292471 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/i386/bsd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index b92cbe9..8432283 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -1605,7 +1605,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + kernel_type = KERNEL_TYPE_OPENBSD; + bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags); + +- if (ctxt->state[OPENBSD_ROOT_ARG].set) ++ if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg != NULL) + { + const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg; + unsigned type, unit, part; +@@ -1622,7 +1622,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + "unknown disk type name"); + + unit = grub_strtoul (arg, (char **) &arg, 10); +- if (! (arg && *arg >= 'a' && *arg <= 'z')) ++ if (! (*arg >= 'a' && *arg <= 'z')) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + "only device specifications of form " + " are supported"); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1a4be33fca..8b55afccbb 100644 --- a/meta/recipes-bsp/grub/grub2.inc 
+++ b/meta/recipes-bsp/grub/grub2.inc 
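Review bot: in the first hunk of grub_cmd_openbsd(), folding .arg != NULL into the if means a root option with .set true and a NULL .arg is no longer handled in this block and no error is reported here, so the requested root device is ignored silently. Consider keeping the if on .set and returning grub_error (GRUB_ERR_BAD_ARGUMENT, ...) when .arg is NULL. The second hunk drops the arg test after grub_strtoul (arg, (char **) &arg, 10) and so relies on grub_strtoul() never storing NULL through its end pointer; a comment saying so would document the assumption.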
@@ -83,6 +83,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ + file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
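Review bot: in the first grub_cmd_openbsd() hunk of the 0037 patch, a root option that has .set true but .arg NULL now falls through as if no root device had been given, with no diagnostic. If that state is reachable, as the commit message suggests, returning grub_error (GRUB_ERR_BAD_ARGUMENT, ...) for it would be safer than silently ignoring the option. Dropping the `arg &&` test in the second hunk is consistent with the new up-front check, since arg is non-NULL on entry to the block.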
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 38/46][dunfell] grub: add a fix for a memory leak Date: Fri, 18 Feb 2022 11:05:46 +0100 Message-Id: <20220218100554.1315511-39-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:06:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161926 This patch adds a fix for a memory leak in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- .../0038-loader-xnu-Fix-memory-leak.patch | 38 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch diff --git a/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch new file mode 100644 index 0000000000..41f09a22fc --- /dev/null +++ b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch 
@@ -0,0 +1,38 @@ +From 0a4aa7c16f65cdfaa1013f0796afa929f8d6dc1a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:53:10 +0000 +Subject: [PATCH] loader/xnu: Fix memory leak + +The code here is finished with the memory stored in name, but it only +frees it if there curvalue is valid, while it could actually free it +regardless. + +The fix is a simple relocation of the grub_free() to before the test +of curvalue. + +Fixes: CID 96646 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bcb59ece3263d118510c4440c4da0950f224bb7f] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 07232d2..b3029a8 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -1388,9 +1388,9 @@ grub_xnu_fill_devicetree (void) + name[len] = 0; + + curvalue = grub_xnu_create_value (curkey, name); ++ grub_free (name); + if (!curvalue) + return grub_errno; +- grub_free (name); + + data = grub_malloc (grub_strlen (var->value) + 1); + if (!data) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 8b55afccbb..c9e7a06a3f 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -84,6 +84,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ + file://0038-loader-xnu-Fix-memory-leak.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
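Review bot: in the grub_xnu_fill_devicetree() hunk of the 0038 patch, the relocated grub_free (name) now runs before the `if (!curvalue)` test, which is only correct if grub_xnu_create_value() copies the string rather than keeping the pointer. The pre-patch success path already freed name at this point, so the assumption is not new, but the hunk does not show it; a short comment next to the call stating that create_value does not retain name would make the early free self-explanatory.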
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 39/46][dunfell] grub: avoid a memory leak Date: Fri, 18 Feb 2022 11:05:47 +0100 Message-Id: <20220218100554.1315511-40-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161927 This patch fixes a memory leak in grub's loader/xnu when an error is detected in grub_xnu_writetree_toheap(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...driverkey-data-when-an-error-is-dete.patch | 77 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 78 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch diff --git a/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch b/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch new file mode 100644 index 0000000000..f9ad0fc34c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch 
@@ -0,0 +1,77 @@ +From 81117a77a9e945ee5e7c1f12bd5667e2a16cbe32 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 30 Nov 2020 12:18:24 -0300 +Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in + grub_xnu_writetree_toheap() + +... to avoid memory leaks. + +Fixes: CID 96640 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4b4027b6b1c877d7ab467896b04c7bd1aadcfa15] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index b3029a8..39ceff8 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -224,26 +224,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + if (! memorymap) + return grub_errno; + +- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey)); ++ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey)); + if (! driverkey) + return grub_errno; + driverkey->name = grub_strdup ("DeviceTree"); + if (! driverkey->name) +- return grub_errno; ++ { ++ err = grub_errno; ++ goto fail; ++ } ++ + driverkey->datasize = sizeof (*extdesc); + driverkey->next = memorymap->first_child; + memorymap->first_child = driverkey; + driverkey->data = extdesc + = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc)); + if (! driverkey->data) +- return grub_errno; ++ { ++ err = grub_errno; ++ goto fail; ++ } + + /* Allocate the space based on the size with dummy value. */ + *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/"); + err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE), + &src, target); + if (err) +- return err; ++ goto fail; + + /* Put real data in the dummy. 
*/ + extdesc->addr = *target; +@@ -252,6 +259,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + /* Write the tree to heap. */ + grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/"); + return GRUB_ERR_NONE; ++ ++ fail: ++ memorymap->first_child = NULL; ++ ++ grub_free (driverkey->data); ++ grub_free (driverkey->name); ++ grub_free (driverkey); ++ ++ return err; + } + + /* Find a key or value in parent key. */ diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index c9e7a06a3f..eebe9a7233 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -85,6 +85,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ file://0038-loader-xnu-Fix-memory-leak.patch \ + file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
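Review bot: the new fail: label in grub_xnu_writetree_toheap() (0039 patch) sets memorymap->first_child = NULL unconditionally, although the hunk saved the previous head in driverkey->next before linking, so any children memorymap already had are dropped on error. On the grub_strdup() failure path driverkey was never linked at all, yet the list head is still cleared. Either link driverkey into memorymap only after both allocations and grub_xnu_heap_malloc() have succeeded, or restore the saved head (memorymap->first_child = driverkey->next) only on the paths where the link was actually made.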
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 40/46][dunfell] grub: add a check for a NULL pointer Date: Fri, 18 Feb 2022 11:05:48 +0100 Message-Id: <20220218100554.1315511-41-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161928 This patch adds a check for a NULL pointer before use in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...k-if-pointer-is-NULL-before-using-it.patch | 42 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch diff --git a/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch b/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch new file mode 100644 index 0000000000..8081f7763a --- /dev/null +++ b/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch 
@@ -0,0 +1,42 @@ +From 778a3fffd19229e5650a1abfb06c974949991cd4 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 30 Nov 2020 10:36:00 -0300 +Subject: [PATCH] loader/xnu: Check if pointer is NULL before using it + +Fixes: CID 73654 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7c8a2b5d1421a0f2a33d33531f7561f3da93b844] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 39ceff8..adc048c 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -667,6 +667,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + char *name, *nameend; + int namelen; + ++ if (infoplistname == NULL) ++ return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing p-list filename")); ++ + name = get_name_ptr (infoplistname); + nameend = grub_strchr (name, '/'); + +@@ -698,10 +701,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + else + macho = 0; + +- if (infoplistname) +- infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); +- else +- infoplist = 0; ++ infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); + grub_errno = GRUB_ERR_NONE; + if (infoplist) + { diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index eebe9a7233..fad7415e0d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -86,6 +86,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ file://0038-loader-xnu-Fix-memory-leak.patch \ file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ + file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
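Review bot: the new early return in grub_xnu_load_driver() (0040 patch) turns a NULL infoplistname into GRUB_ERR_BAD_FILENAME, whereas the removed `if (infoplistname) ... else infoplist = 0;` branch used to tolerate it and carry on with the binary alone. Please confirm that no caller passes NULL together with a valid binaryfile, and say so in the commit message, since this is a behaviour change and not only a Coverity cleanup. The hunk also does not show who owns binaryfile on this new return path; if the function normally closes it on error, the early return should too.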
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 41/46][dunfell] grub: add a fix for NULL pointer dereference Date: Fri, 18 Feb 2022 11:05:49 +0100 Message-Id: <20220218100554.1315511-42-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161929 This patch adds a fix for a NULL pointer dereference in grub's util/grub-install. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...nstall-Fix-NULL-pointer-dereferences.patch | 41 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch diff --git a/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch b/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch new file mode 100644 index 0000000000..ea563a41a0 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch 
@@ -0,0 +1,41 @@ +From 5d2dd0052474a882a22e47cc8c3ed87a01819f6b Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 25 Feb 2021 18:35:01 +0100 +Subject: [PATCH] util/grub-install: Fix NULL pointer dereferences + +Two grub_device_open() calls does not have associated NULL checks +for returned values. Fix that and appease the Coverity. + +Fixes: CID 314583 + +Signed-off-by: Daniel Kiper +Reviewed-by: Javier Martinez Canillas + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b3a95655b4391122e7b0315d8cc6f876caf8183] +Signed-off-by: Marta Rybczynska +--- + util/grub-install.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/util/grub-install.c b/util/grub-install.c +index a82725f..367350f 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1775,6 +1775,8 @@ main (int argc, char *argv[]) + fill_core_services (core_services); + + ins_dev = grub_device_open (install_drive); ++ if (ins_dev == NULL) ++ grub_util_error ("%s", grub_errmsg); + + bless (ins_dev, core_services, 0); + +@@ -1875,6 +1877,8 @@ main (int argc, char *argv[]) + fill_core_services(core_services); + + ins_dev = grub_device_open (install_drive); ++ if (ins_dev == NULL) ++ grub_util_error ("%s", grub_errmsg); + + bless (ins_dev, boot_efi, 1); + if (!removable && update_nvram) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index fad7415e0d..7ca0b469e9 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -87,6 +87,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0038-loader-xnu-Fix-memory-leak.patch \ file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ + file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
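Review bot: both added checks in main() of util/grub-install.c (0041 patch) are only effective if grub_util_error() does not return, because bless (ins_dev, ...) follows each of them with no return or else. A brief mention of that in the commit message would help readers of the backport. The message printed is grub_errmsg alone; including install_drive in it would make the failure easier to diagnose.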
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 42/46][dunfell] grub: add a fix for an incorrect cast Date: Fri, 18 Feb 2022 11:05:50 +0100 Message-Id: <20220218100554.1315511-43-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161930 This patch adds a fix for incorrect casting from signed to unsigned in grub's util/grub-editenv. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...v-Fix-incorrect-casting-of-a-signed-.patch | 46 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch diff --git a/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch b/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch new file mode 100644 index 0000000000..0cd8ec3611 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch 
@@ -0,0 +1,46 @@ +From 3d68daf2567aace4b52bd238cfd4a8111af3bc04 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 14:33:50 +0000 +Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value + +The return value of ftell() may be negative (-1) on error. While it is +probably unlikely to occur, we should not blindly cast to an unsigned +value without first testing that it is not negative. + +Fixes: CID 73856 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5dc41edc4eba259c6043ae7698c245ec1baaacc6] +Signed-off-by: Marta Rybczynska +--- + util/grub-editenv.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/util/grub-editenv.c b/util/grub-editenv.c +index f3662c9..db6f187 100644 +--- a/util/grub-editenv.c ++++ b/util/grub-editenv.c +@@ -125,6 +125,7 @@ open_envblk_file (const char *name) + { + FILE *fp; + char *buf; ++ long loc; + size_t size; + grub_envblk_t envblk; + +@@ -143,7 +144,12 @@ open_envblk_file (const char *name) + grub_util_error (_("cannot seek `%s': %s"), name, + strerror (errno)); + +- size = (size_t) ftell (fp); ++ loc = ftell (fp); ++ if (loc < 0) ++ grub_util_error (_("cannot get file location `%s': %s"), name, ++ strerror (errno)); ++ ++ size = (size_t) loc; + + if (fseek (fp, 0, SEEK_SET) < 0) + grub_util_error (_("cannot seek `%s': %s"), name, diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7ca0b469e9..a1fbc5e644 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -88,6 +88,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ + file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 43/46][dunfell] grub: fix incorrect use of a negative value Date: Fri, 18 Feb 2022 11:05:51 +0100 Message-Id: <20220218100554.1315511-44-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161931 This patch adds a fix for an incorrect use of a negative value in grub's util/glue-efi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...x-incorrect-use-of-a-possibly-negati.patch | 50 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch diff --git a/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch b/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch new file mode 100644 index 0000000000..66d7c0aa42 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch 
@@ -0,0 +1,50 @@ +From e301a0f38a2130eb80f346c31e43bf5089af583c Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:04:28 +0000 +Subject: [PATCH] util/glue-efi: Fix incorrect use of a possibly negative value + +It is possible for the ftell() function to return a negative value, +although it is fairly unlikely here, we should be checking for +a negative value before we assign it to an unsigned value. + +Fixes: CID 73744 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72] +Signed-off-by: Marta Rybczynska +--- + util/glue-efi.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/util/glue-efi.c b/util/glue-efi.c +index 68f5316..de0fa6d 100644 +--- a/util/glue-efi.c ++++ b/util/glue-efi.c +@@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char *out_filename, + struct grub_macho_fat_header head; + struct grub_macho_fat_arch arch32, arch64; + grub_uint32_t size32, size64; ++ long size; + char *buf; + + fseek (in32, 0, SEEK_END); +- size32 = ftell (in32); ++ size = ftell (in32); ++ if (size < 0) ++ grub_util_error ("cannot get end of input file '%s': %s", ++ name32, strerror (errno)); ++ size32 = (grub_uint32_t) size; + fseek (in32, 0, SEEK_SET); ++ + fseek (in64, 0, SEEK_END); +- size64 = ftell (in64); ++ size = ftell (in64); ++ if (size < 0) ++ grub_util_error ("cannot get end of input file '%s': %s", ++ name64, strerror (errno)); ++ size64 = (grub_uint64_t) size; + fseek (in64, 0, SEEK_SET); + + head.magic = grub_cpu_to_le32_compile_time (GRUB_MACHO_FAT_EFI_MAGIC); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a1fbc5e644..2f230065b2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -89,6 +89,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ + file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3797
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 44/46][dunfell] grub: add a fix for a NULL pointer dereference Date: Fri, 18 Feb 2022 11:05:52 +0100 Message-Id: <20220218100554.1315511-45-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161932 This patch adds a fix for a NULL pointer dereference in grub's script/execute. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...ix-NULL-dereference-in-grub_script_e.patch | 28 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch diff --git a/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch b/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch new file mode 100644 index 0000000000..b279222fff --- /dev/null +++ b/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch 
@@ -0,0 +1,28 @@ +From f5fb56954e5926ced42a980c3e0842ffd5fea2aa Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 3 Apr 2020 23:05:13 +1100 +Subject: [PATCH] script/execute: Fix NULL dereference in + grub_script_execute_cmdline() + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=41ae93b2e6c75453514629bcfe684300e3aec0ce] +Signed-off-by: Marta Rybczynska +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 7e028e1..5ea2aef 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -940,7 +940,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + struct grub_script_argv argv = { 0, 0, 0 }; + + /* Lookup the command. */ +- if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0]) ++ if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args || ! argv.args[0]) + return grub_errno; + + for (i = 0; i < argv.argc; i++) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2f230065b2..84b8b8d1be 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -90,6 +90,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ + file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3798
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 45/46][dunfell] grub: avoid a NULL pointer dereference Date: Fri, 18 Feb 2022 11:05:53 +0100 Message-Id: <20220218100554.1315511-46-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161933 This patch adds a fix for a NULL pointer dereference in grub's commands/ls. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...ire-device_name-is-not-NULL-before-p.patch | 33 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch diff --git a/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch new file mode 100644 index 0000000000..5a327fe1d2 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch 
@@ -0,0 +1,33 @@ +From dd82f98fa642907817f59aeaf3761b786898df85 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 16:57:37 +1100 +Subject: [PATCH] commands/ls: Require device_name is not NULL before printing + +This can be triggered with: + ls -l (0 0*) +and causes a NULL deref in grub_normal_print_device_info(). + +I'm not sure if there's any implication with the IEEE 1275 platform. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6afbe6063c95b827372f9ec310c9fc7461311eb1] +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/ls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c +index 5b7491a..326d2d6 100644 +--- a/grub-core/commands/ls.c ++++ b/grub-core/commands/ls.c +@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) + goto fail; + } + +- if (! *path) ++ if (! *path && device_name) + { + if (grub_errno == GRUB_ERR_UNKNOWN_FS) + grub_errno = GRUB_ERR_NONE; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 84b8b8d1be..0454b09d52 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -91,6 +91,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ + file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
From patchwork Fri Feb 18 10:05:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marta Rybczynska X-Patchwork-Id: 3799
From: Marta Rybczynska To: anuj.mittal@intel.com, openembedded-core@lists.openembedded.org, steve@sakoman.com Cc: Marta Rybczynska , Marta Rybczynska Subject: [PATCH 46/46][dunfell] grub: add a fix for a crash in scripts Date: Fri, 18 Feb 2022 11:05:54 +0100 Message-Id: <20220218100554.1315511-47-rybczynska@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20220218100554.1315511-1-rybczynska@gmail.com> References: <20220218100554.1315511-1-rybczynska@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 18 Feb 2022 10:07:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161934 This patch adds a fix for a crash in grub's script handling. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska --- ...void-crash-when-using-outside-a-func.patch | 37 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch diff --git a/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch b/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch new file mode 100644 index 0000000000..84117a9073 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch 
@@ -0,0 +1,37 @@ +From df2505c4c3cf42b0c419c99a5f9e1ce63e5a5938 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 17:30:42 +1100 +Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a + function scope + +"$#" represents the number of arguments to a function. It is only +defined in a function scope, where "scope" is non-NULL. Currently, +if we attempt to evaluate "$#" outside a function scope, "scope" will +be NULL and we will crash with a NULL pointer dereference. + +Do not attempt to count arguments for "$#" if "scope" is NULL. This +will result in "$#" being interpreted as an empty string if evaluated +outside a function scope. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fe0586347ee46f927ae27bb9673532da9f5dead5] +Signed-off-by: Marta Rybczynska +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 5ea2aef..23d34bd 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -485,7 +485,7 @@ gettext_putvar (const char *str, grub_size_t len, + return 0; + + /* Enough for any number. */ +- if (len == 1 && str[0] == '#') ++ if (len == 1 && str[0] == '#' && scope != NULL) + { + grub_snprintf (*ptr, 30, "%u", scope->argv.argc); + *ptr += grub_strlen (*ptr); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 0454b09d52..75ef31f249 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc 
@@ -92,6 +92,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \ + file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
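Review bot: in patch 42, the open_envblk_file() hunk of util/grub-editenv.c stores the offset in `long loc` because ftell() returns long; on hosts where long is 32 bits ftell() fails for offsets it cannot represent, so ftello() with off_t would be the more robust call, although for an environment block file this is a minor point. The `loc < 0` test placed before `size = (size_t) loc;` is the right order and matches the fseek() error handling already present in the context lines.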
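Review bot: in patch 43, the write_fat() hunk of util/glue-efi.c ends the second block with `size64 = (grub_uint64_t) size;` while the context line declares `grub_uint32_t size32, size64;`, so the value is widened by the cast and then silently narrowed on assignment. The cast should be `(grub_uint32_t)` to match the size32 branch, and because `size` is a long that can exceed 32 bits on LP64 hosts, a check that rejects sizes too large for grub_uint32_t would close the remaining truncation case. The `fseek (in32, 0, SEEK_END);` and `fseek (in64, 0, SEEK_END);` calls just before each ftell() are still unchecked.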
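Review bot: in patch 44, the grub_script_execute_cmdline() hunk routes the new `! argv.args` test to the same `return grub_errno;` used when grub_script_arglist_to_argv() fails; if that call returned 0 and left argv.args NULL, grub_errno may not be set, and the command line would then be skipped while the function reports success. Please confirm that is the intended outcome, or set an explicit error for this case. The upstream commit message has only a subject line; one sentence on what input leaves argv.args NULL would help anyone reviewing the backport.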
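Review bot: in patch 45, the grub_ls_list_files() hunk changes the test to `if (! *path && device_name)`, so an empty path with a NULL device_name now takes whatever branch follows this if block, and that branch is outside the hunk's context. Please confirm it copes with an empty path, or return an explicit error when device_name is NULL instead of falling through. The commit message itself leaves the IEEE 1275 question open, so a note in the backport on whether that platform was tested would be useful.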
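Review bot: in patch 46, the gettext_putvar() hunk leaves the comment `/* Enough for any number. */` above a condition that now also decides whether "$#" is defined at all; a short code comment saying that "$#" outside a function scope expands to an empty string, as the commit message explains, would keep that behaviour from reading as an accident. As a style point, the same file tests pointers as `! argv.args` (patch 44 in this series), while this line uses `scope != NULL`.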