47cf63735c
Resolves: CVE-2020-10713 Resolves: CVE-2020-14308 Resolves: CVE-2020-14309 Resolves: CVE-2020-14310 Resolves: CVE-2020-14311 Resolves: CVE-2020-15705 Resolves: CVE-2020-15706 Resolves: CVE-2020-15707 Signed-off-by: Peter Jones <pjones@redhat.com>
56 lines
1.7 KiB
Diff
56 lines
1.7 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
Date: Tue, 2 Jun 2020 13:25:01 +0200
|
|
Subject: [PATCH] http: Prepend prefix when the HTTP path is relative as done
|
|
in efi/http
|
|
|
|
There are two different HTTP drivers that can be used when requesting an
|
|
HTTP resource: the efi/http that uses the EFI_HTTP_PROTOCOL and the http
|
|
that uses GRUB's HTTP and TCP/IP implementation.
|
|
|
|
The efi/http driver appends a prefix that is defined in the variable
|
|
http_path, but the http driver doesn't.
|
|
|
|
So using this driver and attempting to fetch a resource using a relative
|
|
path fails.
|
|
|
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
---
|
|
grub-core/net/http.c | 10 +++++++++-
|
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
|
|
index b52b558d631..598961afbb5 100644
|
|
--- a/grub-core/net/http.c
|
|
+++ b/grub-core/net/http.c
|
|
@@ -26,6 +26,7 @@
|
|
#include <grub/dl.h>
|
|
#include <grub/file.h>
|
|
#include <grub/i18n.h>
|
|
+#include <grub/env.h>
|
|
|
|
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
|
@@ -501,13 +502,20 @@ http_open (struct grub_file *file, const char *filename)
|
|
{
|
|
grub_err_t err;
|
|
struct http_data *data;
|
|
+ const char *http_path;
|
|
|
|
data = grub_zalloc (sizeof (*data));
|
|
if (!data)
|
|
return grub_errno;
|
|
file->size = GRUB_FILE_SIZE_UNKNOWN;
|
|
|
|
- data->filename = grub_strdup (filename);
|
|
+ /* If path is relative, prepend http_path */
|
|
+ http_path = grub_env_get ("http_path");
|
|
+ if (http_path && filename[0] != '/')
|
|
+ data->filename = grub_xasprintf ("%s/%s", http_path, filename);
|
|
+ else
|
|
+ data->filename = grub_strdup (filename);
|
|
+
|
|
if (!data->filename)
|
|
{
|
|
grub_free (data);
|