From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: Dan Carpenter <dan.carpenter@linaro.org>,
Masahisa Kojima <masahisa.kojima@linaro.org>,
u-boot@lists.denx.de
Subject: Re: [PATCH 1/1] efi_loader: fix invocation of efi_prepare_aligned_image
Date: Sun, 30 Jul 2023 21:42:02 +0300 [thread overview]
Message-ID: <ZMau+qiZoffDPWcg@hades> (raw)
In-Reply-To: <20230730073453.30582-1-heinrich.schuchardt@canonical.com>
Hi Heinrich
On Sun, Jul 30, 2023 at 09:34:53AM +0200, Heinrich Schuchardt wrote:
> When passing a pointer to a size_t variable to a function writing an u64
> value to the address a buffer overrun occurs on 32bit systems.
>
> Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement")
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> ---
> lib/efi_loader/efi_image_loader.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
> index 26df0da16c..71c713048d 100644
> --- a/lib/efi_loader/efi_image_loader.c
> +++ b/lib/efi_loader/efi_image_loader.c
> @@ -591,6 +591,8 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> struct pkcs7_message *msg = NULL;
> struct efi_signature_store *db = NULL, *dbx = NULL;
> void *new_efi = NULL;
> + u64 new_efi_size = efi_size;
> +
> u8 *auth, *wincerts_end;
> size_t auth_size;
> bool ret = false;
> @@ -600,11 +602,11 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> if (!efi_secure_boot_enabled())
> return true;
>
> - new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size);
> + new_efi = efi_prepare_aligned_image(efi, &new_efi_size);
> if (!new_efi)
> return false;
>
> - if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
> + if (!efi_image_parse(new_efi, new_efi_size, ®s, &wincerts,
> &wincerts_len)) {
> log_err("Parsing PE executable image failed\n");
> goto out;
> --
> 2.40.1
>
Dan already sent this here [0] and I was the one that requested a v2
changing the prototype of efi_prepare_aligned_image().
Since that proved to be more complicated we can pick the original patch instead
[0] https://lore.kernel.org/u-boot/40c5713c-3caa-4882-aa86-065689e83270@moroto.mountain/
Cheers
/Ilias
prev parent reply other threads:[~2023-07-30 18:42 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-30 7:34 [PATCH 1/1] efi_loader: fix invocation of efi_prepare_aligned_image Heinrich Schuchardt
2023-07-30 18:42 ` Ilias Apalodimas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMau+qiZoffDPWcg@hades \
--to=ilias.apalodimas@linaro.org \
--cc=dan.carpenter@linaro.org \
--cc=heinrich.schuchardt@canonical.com \
--cc=masahisa.kojima@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox