kern/file: Call grub_dl_unref() after fs->fs_close()
With commit 16f196874 (kern/file: Implement filesystem reference counting) files hold a reference to their file systems. When closing a file in grub_file_close() we should not expect file->fs to stay valid after calling grub_dl_unref() on file->fs->mod. So, grub_dl_unref() should be called after file->fs->fs_close(). Fixes: CVE-2025-54771 Fixes: 16f196874 (kern/file: Implement filesystem reference counting) Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de> Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Thomas Frauendorfer | Miray Software
Daniel Kiper
parent
cc9d621dd0
commit
c4fb4cbc94
@ -201,12 +201,12 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
|
||||
grub_err_t
|
||||
grub_file_close (grub_file_t file)
|
||||
{
|
||||
if (file->fs->mod)
|
||||
grub_dl_unref (file->fs->mod);
|
||||
|
||||
if (file->fs->fs_close)
|
||||
(file->fs->fs_close) (file);
|
||||
|
||||
if (file->fs->mod)
|
||||
grub_dl_unref (file->fs->mod);
|
||||
|
||||
if (file->device)
|
||||
grub_device_close (file->device);
|
||||
grub_free (file->name);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user