[PATCH v11 07/14] libgcrypt: Fix coverity warnings

Tue, 15 Apr 2025 04:19:22 -0700 

Signed-off-by: Vladimir Serbinenko <phco...@gmail.com>
---
 .../libgcrypt-patches/03_mpiutil_alloc.patch  | 20 ++++++++++
 .../lib/libgcrypt-patches/03_sexp_free.patch  | 37 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
 create mode 100644 grub-core/lib/libgcrypt-patches/03_sexp_free.patch

diff --git a/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch 
b/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
new file mode 100644
index 000000000..7014f827d
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
@@ -0,0 +1,20 @@
+Fix NULL pointer dereference in case of failed alloc
+
+CID# 369001
+
+Signed-off-by: Vladimir Serbinenko <phco...@gmail.com>
+
+diff --git a/grub-core/lib/libgcrypt/mpi/mpiutil.c 
b/grub-core/lib/libgcrypt/mpi/mpiutil.c
+index 3a372374f..dc53db09d 100644
+--- a/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
++++ b/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
+@@ -432,6 +432,9 @@ _gcry_mpi_alloc_like( gcry_mpi_t a )
+       int n = (a->sign+7)/8;
+       void *p = _gcry_is_secure(a->d)? xtrymalloc_secure (n)
+                                        : xtrymalloc (n);
++      if ( !p ) {
++            _gcry_fatal_error (GPG_ERR_ENOMEM, NULL);
++      }
+       memcpy( p, a->d, n );
+       b = mpi_set_opaque( NULL, p, a->sign );
+     }
diff --git a/grub-core/lib/libgcrypt-patches/03_sexp_free.patch 
b/grub-core/lib/libgcrypt-patches/03_sexp_free.patch
new file mode 100644
index 000000000..33552ef54
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/03_sexp_free.patch
@@ -0,0 +1,37 @@
+sexp: Add missing free on error path
+
+CID# 541475
+
+Signed-off-by: Vladimir Serbinenko <phco...@gmail.com>
+
+diff --git a/grub-core/lib/libgcrypt/src/sexp.c 
b/grub-core/lib/libgcrypt/src/sexp.c
+index d15f1a790..250559f75 100644
+--- a/grub-core/lib/libgcrypt-grub/src/sexp.c
++++ b/grub-core/lib/libgcrypt-grub/src/sexp.c
+@@ -1157,6 +1157,17 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                               }                                            \
+                        } while (0)
+ 
++#define MAKE_SPACE_EXTRA_CLEANUP(n, cleanup)  do {                            
\
++                            gpg_err_code_t _ms_err = make_space (&c, (n)); \
++                            if (_ms_err)                                   \
++                              {                                            \
++                                err = _ms_err;                             \
++                                *erroff = p - buffer;                      \
++                              cleanup;                                   \
++                                goto leave;                                \
++                              }                                            \
++                       } while (0)
++
+   /* The STORE_LEN macro is used to store the length N at buffer P. */
+ #define STORE_LEN(p,n) do {                                              \
+                           DATALEN ashort = (n);                          \
+@@ -1368,7 +1379,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                   goto leave;
+                 }
+ 
+-              MAKE_SPACE (datalen);
++              MAKE_SPACE_EXTRA_CLEANUP (datalen, xfree (b64buf));
+               *c.pos++ = ST_DATA;
+               STORE_LEN (c.pos, datalen);
+               for (i = 0; i < datalen; i++)
-- 
2.49.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to