rhboot / efibootmgr

efibootmgr development tree
GNU General Public License v2.0

Fix buffer overflow when remove_from_boot_order removes nothing #22

Closed LennySzubowicz closed 9 years ago

LennySzubowicz commented 9 years ago

Deleting a boot entry via "-b xxxx -B" also attempts to remove that entry from boot order via a call to remove_from_boot_order. Although unusual, it's possible that the entry being deleted is not in boot order. Correct the handling of this case in remove_from_boot_order, which mallocs space for the new boot order list wrongly assuming that at least one entry will be removed. However, if no entry is removed, then 2 bytes are overwritten beyond the malloc'ed space. This can result in heap corruption and possible termination via a SIGABRT if the corruption is detected by the heap allocation routines.

While there, simplify the routine to do the removal of boot entries in place in the original data buffer, skip the unnecessary BootOrder variable update if nothing got removed, and free the malloc'ed boot_order struct on the way out.

Resolves: RH BZ 1168019

Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
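To make the failure mode concrete, here is an added C model of the size arithmetic the description explains. It is written for this page and is not efibootmgr's own code: it assumes BootOrder is an array of uint16_t entry numbers (which is what the 2-byte overwrite implies) and that the old routine allocated room for (count - 1) entries; the function names, variable names and sample lists are constructed. The buggy pattern is only measured, not executed, so the program runs cleanly while still showing where the overflow comes from, and the in-place variant returns the number of removed entries so a caller can skip the BootOrder write when nothing changed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the bug in the PR description; not efibootmgr's code.
 * BootOrder is modelled as an array of uint16_t boot entry numbers. */

/* Old pattern: the new list gets space for (count - 1) entries on the
 * assumption that exactly one will be dropped. This helper only computes how
 * many bytes that pattern would write past the allocation, instead of
 * performing the write, so it is safe to run. */
size_t buggy_overrun_bytes(const uint16_t *order, size_t count, uint16_t num)
{
    if (count == 0)
        return 0;                                   /* nothing would be allocated */
    size_t alloc_bytes = (count - 1) * sizeof(uint16_t);
    size_t kept = 0;
    for (size_t i = 0; i < count; i++)
        if (order[i] != num)
            kept++;                                 /* every non-matching entry is copied */
    size_t written = kept * sizeof(uint16_t);
    /* When num is absent, kept == count and written exceeds alloc_bytes by
     * one uint16_t: the 2-byte heap overflow from the description. */
    return written > alloc_bytes ? written - alloc_bytes : 0;
}

/* Fixed pattern: compact the list in place and report how many entries were
 * dropped; a return of 0 tells the caller to skip the BootOrder update. */
size_t remove_from_boot_order_inplace(uint16_t *order, size_t *count, uint16_t num)
{
    size_t kept = 0;
    for (size_t i = 0; i < *count; i++)
        if (order[i] != num)
            order[kept++] = order[i];
    size_t removed = *count - kept;
    *count = kept;
    return removed;
}

/* Runs the two cases from the description on constructed data: a deletion
 * that hits an entry in the list, and one that hits nothing. Returns 0 on
 * success, otherwise the number of the failed check. */
int run_demo(void)
{
    uint16_t present[] = { 0x0001, 0x0003, 0x0002 };   /* constructed BootOrder */
    uint16_t absent[]  = { 0x0001, 0x0003, 0x0002 };
    size_t n_present = 3, n_absent = 3;

    if (buggy_overrun_bytes(present, 3, 0x0003) != 0) return 1; /* entry found: fits */
    if (buggy_overrun_bytes(absent, 3, 0x0009) != 2) return 2;  /* entry absent: 2 bytes over */

    if (remove_from_boot_order_inplace(present, &n_present, 0x0003) != 1) return 3;
    if (n_present != 2 || present[0] != 0x0001 || present[1] != 0x0002) return 4;

    if (remove_from_boot_order_inplace(absent, &n_absent, 0x0009) != 0) return 5;
    if (n_absent != 3) return 6;                    /* list untouched, no variable write needed */
    return 0;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The in-place rewrite also removes the second allocation entirely, which is why the description can drop the malloc and free the boot_order struct on the way out; in the model above the only state that changes is the caller's own array and its count.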

vathpela commented 9 years ago

Thanks, I've pulled this into master.