normal: Remove variables hooks on module unload

The normal module does not entirely cleanup after itself in
its GRUB_MOD_FINI() leaving a few variables hooks in place.
It is not possible to unload normal module now but fix the
issues for completeness.

On the occasion replace 0s with NULLs for "pager" variable
hooks unregister.

Fixes: CVE-2025-0622
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name normal-Remove-variables-hooks-on-module-unload.patch

diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 33a238c533c67fd5e61d92632eabf4c8aa0bfbcb..527b249b92d7ceb195a9422a94738b38b3a3bfe9 100644 (file)
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -664,7 +664,9 @@ GRUB_MOD_FINI(normal)
   grub_xputs = grub_xputs_saved;
 
   grub_set_history (0);
-  grub_register_variable_hook ("pager", 0, 0);
+  grub_register_variable_hook ("pager", NULL, NULL);
+  grub_register_variable_hook ("color_normal", NULL, NULL);
+  grub_register_variable_hook ("color_highlight", NULL, NULL);
   grub_fs_autoload_hook = 0;
   grub_unregister_command (cmd_clear);
 }