From 401a7131f31017fc73138d0e8c72ab92332b72c6 Mon Sep 17 00:00:00 2001 From: Vladimir 'phcoder' Serbinenko Date: Fri, 12 Apr 2013 20:17:53 +0200 Subject: [PATCH 290/364] * grub-core/net/http.c: Fix bad free. --- ChangeLog | 4 ++++ grub-core/net/http.c | 15 ++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ced68cc..79563b8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2013-04-12 Vladimir Serbinenko + * grub-core/net/http.c: Fix bad free. + +2013-04-12 Vladimir Serbinenko + * grub-core/net/drivers/ieee1275/ofnet.c: Don't attempt to send more than buffer size. diff --git a/grub-core/net/http.c b/grub-core/net/http.c index a7542d1..4684f8b 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -157,9 +157,10 @@ http_err (grub_net_tcp_socket_t sock __attribute__ ((unused)), if (data->sock) grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); + data->sock = 0; if (data->current_line) grub_free (data->current_line); - grub_free (data); + data->current_line = 0; file->device->net->eof = 1; file->device->net->stall = 1; if (file->size == GRUB_FILE_SIZE_UNKNOWN) @@ -175,6 +176,12 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), http_data_t data = file->data; grub_err_t err; + if (!data->sock) + { + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + } + while (1) { char *ptr = (char *) nb->data; @@ -432,7 +439,8 @@ http_seek (struct grub_file *file, grub_off_t off) grub_err_t err; old_data = file->data; /* FIXME: Reuse socket? */ - grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT); + if (old_data->sock) + grub_net_tcp_close (old_data->sock, GRUB_NET_TCP_ABORT); old_data->sock = 0; while (file->device->net->packs.first) @@ -529,7 +537,8 @@ http_packets_pulled (struct grub_file *file) if (!file->device->net->eof) file->device->net->stall = 0; - grub_net_tcp_unstall (data->sock); + if (data && data->sock) + grub_net_tcp_unstall (data->sock); return 0; } -- 1.8.1.4