Dear Team, During tests I noticed that GRUB 2.04 hangs if SecureBoot verification through shim_lock fails.
Analyzing the problem I noticed that grub_verifiers_open in grub-core/commands/verifiers.c unconditionally calls ver->close in its fail: handling. Other calls to ver->close in grub_verifiers_open are guarded. The attached patch makes sure that ver->close is only called when not NULL and fixed the hang/crash I experienced. If you have any questions please feel free to contact me. Kind regards, Thomas
From 3078fa74aa2d1350f0a71480d2d772d711adf519 Mon Sep 17 00:00:00 2001 From: Thomas Frauendorfer | Miray Software <[email protected]> Date: Wed, 11 Sep 2019 11:16:03 +0200 Subject: [PATCH] Only call ver->close if it is set in verifier The 'fail:' branch in Verifiers unconditionally calls ver->close but some verifiers like shim_lock have no close method set. If verification with such a verifier fails then grub will hang --- grub-core/commands/verifiers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) mode change 100644 => 100755 grub-core/commands/verifiers.c diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c old mode 100644 new mode 100755 index 0dde481..7b9297c --- a/grub-core/commands/verifiers.c +++ b/grub-core/commands/verifiers.c @@ -196,7 +196,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) return ret; fail: - ver->close (context); + if (ver->close) + ver->close (context); fail_noclose: verified_free (verified); grub_free (ret); -- 1.9.1
_______________________________________________ Bug-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/bug-grub
