efi: check *path non-null before grub_strrchr

The EFI version of grub_machine_get_bootlocation crops the boot image
name back to the last / in order to get a directory path. However, it
does not check that *name is actually set before calling grub_strrchr
to do this, and neither does grub_strrchr before dereferencing a NULL
pointer.

Parent function, grub_set_prefix_and_root, does check the pointer
before using.

diff --git a/ChangeLog b/ChangeLog
index 87faadf..07d0646 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-01-07  Leif Lindholm <leif.lindholm@linaro.org>
+
+       * grub-core/kern/efi/init.c: check value of *path before
+       dereferencing.
+
 2014-11-03  Michael Chang  <mchang@suse.com>
 
        * grub-core/net/icmp6.c (grub_net_recv_icmp6_packet): Fix size

diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index 942ab02..e9c85de 100644 (file)
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -63,10 +63,13 @@ grub_machine_get_bootlocation (char **device, char **path)
   if (!*device && grub_efi_net_config)
     grub_efi_net_config (image->device_handle, device, path);
 
-  /* Get the directory.  */
-  p = grub_strrchr (*path, '/');
-  if (p)
-    *p = '\0';
+  if (*path)
+    {
+      /* Get the directory.  */
+      p = grub_strrchr (*path, '/');
+      if (p)
+        *p = '\0';
+    }
 }
 
 void