This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Patch-Name: safe-alloc-3.patch
In util/getroot and efidisk slightly modify exitsing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.
In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.
In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
suppress GCC7 warning.
In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).
Otherwise add FALLTHROUGH comment.
Closes: 50598
canonicalize_file_name clashed with gnulib function. Additionally
it was declared in 2 places: emu/misc.h and util/misc.h. Added
grub_ prefix and removed second declaration.
* grub-core/osdep/unix/getroot.c (strip_extra_slashes): Move inside
!defined (__GNU__).
(xgetcwd): Likewise.
* include/grub/emu/hostdisk.h (grub_util_hurd_get_disk_info)
[__GNU__]: Add prototype.
* util/getroot.c (grub_util_biosdisk_get_grub_dev) [__GNU__]: Format
long int using %ld rather than %d.
to determine if device is handled by devmapper.
(convert_system_partition_to_system_disk): Likewise.
(get_dm_uuid): Don't check explicitly if device is mapped, it's
already done in grub_util_open_dm.
* grub-core/kern/emu/hostdisk.c (grub_util_get_dm_node_linear_info):
Stop on meeting LVM, mpath or DMRAID.
(grub_hostdisk_os_dev_to_grub_drive): Canonicalize os device.
(read_device_map): Likewise.
* util/getroot.c (convert_system_partition_to_system_disk): Assume that
device is full disk rather than erroring out on LVM and similar cases.
grub_errno in the case where we handle GRUB_ERR_UNKNOWN_DEVICE by
falling back to the partition device, otherwise a later call to this
function may fail spuriously.
Reported by Axel Beckert. Fixes Debian bug #708614.
* Makefile.util.def (grub-mount): Add LIBGEOM to ldadd.
* grub-core/net/drivers/emu/emunet.c: Only include Linux-specific
headers on Linux.
(GRUB_MOD_INIT): Return immediately on non-Linux platforms; this
implementation is currently Linux-specific.
* util/getroot.c (exec_pipe): Define only on Linux or when either
libzfs or libnvpair is unavailable.
(find_root_devices_from_poolname): Remove unused path variable.
* grub-core/kern/emu/hostdisk.c (grub_util_get_dm_node_linear_info):
to here. New return value start. All users updated.
Recursively scan linear mappings.
* include/grub/emu/hostdisk.h (grub_util_get_dm_node_linear_info): New
proto.
* grub-core/kern/emu/hostdisk.c (grub_hostdisk_find_partition_start):
Use grub_util_get_dm_node_linear_info.
* util/getroot.c (convert_system_partition_to_system_disk): Use
grub_util_info rather than grub_dprintf.
(grub_util_biosdisk_get_grub_dev): Add a new grub_util_info.
