From: B Horn <b@horn.uk>
Date: Sun, 12 May 2024 10:08:23 +0000 (+0100)
Subject: commands/ls: Fix NULL dereference
X-Git-Tag: archive/raspbian/2.12-8+rpi1^2~41
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c4a2cba6104cb5267f7ac0bbc88f47ea5c9efd7a;p=grub2.git

commands/ls: Fix NULL dereference

The grub_strrchr() may return NULL when the dirname do not contain "/".
This can happen on broken filesystems.

Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name commands-ls-Fix-NULL-dereference.patch
---

diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c
index 6a1c7f5..f660946 100644
--- a/grub-core/commands/ls.c
+++ b/grub-core/commands/ls.c
@@ -241,7 +241,11 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human)
 
 	  grub_file_close (file);
 
-	  p = grub_strrchr (dirname, '/') + 1;
+	  p = grub_strrchr (dirname, '/');
+	  if (p == NULL)
+	    goto fail;
+	  ++p;
+
 	  ctx.dirname = grub_strndup (dirname, p - dirname);
 	  if (ctx.dirname == NULL)
 	    goto fail;