From: Alec Brown <alec.r.brown@oracle.com>
Date: Wed, 22 Jan 2025 02:55:12 +0000 (+0000)
Subject: disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails
X-Git-Tag: archive/raspbian/2.12-8+rpi1^2~25
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=97fce97c5478567dd325c54a3e8bb15e69a1315c;p=grub2.git

disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails

In the dev_iterate() function a handle is opened but isn't closed when
grub_malloc() returns NULL. We should fix this by closing it on error.

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name disk-ieee1275-ofdisk-Call-grub_ieee1275_close-when-grub_m.patch
---

diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
index 4c5b89c..dbc0f1a 100644
--- a/grub-core/disk/ieee1275/ofdisk.c
+++ b/grub-core/disk/ieee1275/ofdisk.c
@@ -267,7 +267,10 @@ dev_iterate (const struct grub_ieee1275_devalias *alias)
 
       buf = grub_malloc (sz);
       if (!buf)
-	return;
+	{
+	  grub_ieee1275_close (ihandle);
+	  return;
+	}
       bufptr = grub_stpcpy (buf, alias->path);
 
       for (i = 0; i < args.nentries; i++)