From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: u-boot@lists.denx.de
Subject: Re: [PATCH 1/2] efi_loader: fix efi_get_next_variable_name_mem()
Date: Mon, 19 Dec 2022 11:15:13 +0200
Message-ID: <Y6AroRtlthwFDGAS@hera>
In-Reply-To: <20221218060858.25578-2-heinrich.schuchardt@canonical.com>

On Sun, Dec 18, 2022 at 06:08:57AM +0000, Heinrich Schuchardt wrote:
> The VariableNameSize parameter is in bytes but u16_strnlen() counts u16.
>
> Fix the parameter check for null termination.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> ---
> include/efi_variable.h | 3 ++-
> lib/efi_loader/efi_var_mem.c | 6 +++---
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/include/efi_variable.h b/include/efi_variable.h
> index 03a3ecb235..805e6c5f1e 100644
> --- a/include/efi_variable.h
> +++ b/include/efi_variable.h
> @@ -268,7 +268,8 @@ const efi_guid_t *efi_auth_var_get_guid(const u16 *name);
> * efi_get_next_variable_name_mem() - Runtime common code across efi variable
> * implementations for GetNextVariable()
> * from the cached memory copy
> - * @variable_name_size: size of variable_name buffer in byte
> + *
> + * @variable_name_size: size of variable_name buffer in bytes
> * @variable_name: name of uefi variable's name in u16
> * @vendor: vendor's guid
> *
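Review bot: the kernel-doc now states the unit for @variable_name_size, but the neighbouring line "@variable_name: name of uefi variable's name in u16" is still redundant and leaves the relationship between the two units implicit. Since this hunk already touches the comment, consider rewording that line (for example "u16 string holding the variable name") and saying explicitly that @variable_name_size counts bytes, not u16 characters, so callers do not repeat the mix-up this patch fixes.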
> diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c
> index 13909b1d26..0bac594e00 100644
> --- a/lib/efi_loader/efi_var_mem.c
> +++ b/lib/efi_loader/efi_var_mem.c
> @@ -315,14 +315,14 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size,
> u16 *variable_name, efi_guid_t *vendor)
> {
> struct efi_var_entry *var;
> - efi_uintn_t old_size;
> + efi_uintn_t len, old_size;
> u16 *pdata;
>
> if (!variable_name_size || !variable_name || !vendor)
> return EFI_INVALID_PARAMETER;
>
> - if (u16_strnlen(variable_name, *variable_name_size) ==
> - *variable_name_size)
> + len = *variable_name_size >> 1;
> + if (u16_strnlen(variable_name, len) == len)
> return EFI_INVALID_PARAMETER;
>
> if (!efi_var_mem_find(vendor, variable_name, &var) && *variable_name)
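Review bot: the conversion "len = *variable_name_size >> 1;" silently drops an odd trailing byte and yields len == 0 for sizes 0 and 1, and neither case is documented. With len == 0, and assuming u16_strnlen() returns 0 for a zero count, the check "u16_strnlen(variable_name, len) == len" is true and the function returns EFI_INVALID_PARAMETER before the later *variable_name dereference; if that is the intended result for a buffer too small to hold a terminator, a one-line comment saying so would help. Writing the conversion as "*variable_name_size / sizeof(u16)" would also make the bytes-to-characters step obvious at the call site, which is the exact confusion this fix addresses.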
> --
> 2.37.2
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>