grub-lakitu: REDHAT: MASTER-SB: Fix race in EFI validation
(cherry picked from commit 81a5065ad76bbd66cdbbf565e0676d8ecc6dd8fa)
(from master-sb branch of https://github.com/rhboot/grub2)
BUG=b:69569602
TEST=TBD
Change-Id: I0498e2cc45e5ba4c835f5cff225362abb2f49276
Reviewed-on: https://chromium-review.googlesource.com/945891
Reviewed-by: Edward Jee <[email protected]>
Commit-Queue: Edward Jee <[email protected]>
Tested-by: Edward Jee <[email protected]>
Trybot-Ready: Edward Jee <[email protected]>
diff --git a/grub-lakitu/grub-core/loader/i386/efi/linux.c b/grub-lakitu/grub-core/loader/i386/efi/linux.c
index 9f399ea..89295bf 100644
--- a/grub-lakitu/grub-core/loader/i386/efi/linux.c
+++ b/grub-lakitu/grub-core/loader/i386/efi/linux.c
@@ -154,7 +154,7 @@
grub_file_t file = 0;
struct linux_kernel_header lh;
grub_ssize_t len, start, filelen;
- void *kernel;
+ void *kernel = NULL;
grub_dl_ref (my_mod);
@@ -191,10 +191,6 @@
goto fail;
}
- grub_file_seek (file, 0);
-
- grub_free(kernel);
-
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
if (! params)
@@ -203,15 +199,9 @@
goto fail;
}
- memset (params, 0, 16384);
+ grub_memset (params, 0, 16384);
- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
- {
- if (!grub_errno)
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- goto fail;
- }
+ grub_memcpy (&lh, kernel, sizeof (lh));
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
{
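Review bot: The new `grub_memcpy (&lh, kernel, sizeof (lh));` reads sizeof (lh) bytes from the heap buffer with no visible check that the image is at least that long, whereas the removed grub_file_read() reported "premature end of file" for a short file. Unless filelen is already compared with sizeof (lh) outside this hunk, a truncated image makes this copy read past the allocation. The same gap applies to the later copy from `(char *)kernel + start`, which replaced a checked seek and read. Because start and len are computed outside the visible hunks, they should be validated against filelen before that copy, for example `if (start < 0 || len < 0 || start > filelen || len > filelen - start)` with the same error and `goto fail`. The enclosing function begins and ends outside this hunk.

```c
  /* ... unchanged: params allocation and grub_memset ... */
  if (filelen < (grub_ssize_t) sizeof (lh))
    {
      grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
		  argv[0]);
      goto fail;
    }

  grub_memcpy (&lh, kernel, sizeof (lh));
```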
@@ -272,27 +262,12 @@
goto fail;
}
- if (grub_file_seek (file, start) == (grub_off_t) -1)
- {
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- goto fail;
- }
+ grub_memcpy (kernel_mem, (char *)kernel + start, len);
+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
+ loaded=1;
- if (grub_file_read (file, kernel_mem, len) != len && !grub_errno)
- {
- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
- argv[0]);
- }
-
- if (grub_errno == GRUB_ERR_NONE)
- {
- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
- loaded = 1;
- lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
- }
-
- memcpy(params, &lh, 2 * 512);
+ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
+ grub_memcpy (params, &lh, 2 * 512);
params->type_of_loader = 0x21;
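Review bot: `grub_memcpy (params, &lh, 2 * 512);` copies 1024 bytes out of the stack object `lh`, and the definition of struct linux_kernel_header is not visible on this page. If the structure is smaller than 1024 bytes, the copy reads adjacent stack memory into the boot parameters. This change only renames the call from memcpy(), but the size is worth confirming while the line is being touched; one option is to bound the copy with `sizeof (lh)`, since `params` is zeroed earlier. As a style point, `loaded=1;` dropped the spacing the removed line had (`loaded = 1;`).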
@@ -301,6 +276,9 @@
if (file)
grub_file_close (file);
+ if (kernel)
+ grub_free (kernel);
+
if (grub_errno != GRUB_ERR_NONE)
{
grub_dl_unref (my_mod);
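Review bot: The `if (kernel)` guard is unnecessary, since grub_free() returns without doing anything when passed a null pointer. `grub_free (kernel);` alone is enough now that `kernel` is initialised to NULL at its declaration. The label this cleanup sits under is outside the hunk, so it is assumed to run on both the success and failure paths. A short comment such as `/* the in-memory image is not needed once it has been copied to kernel_mem */` would make that explicit.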