GitHub-Mirror/u-boot
2
0
Fork 0
mirror of https://github.com/Fishwaldo/u-boot.git synced 2025-04-10 16:31:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

efi_loader: device_path: check against file path length

Browse source 
device_path strcuture has 2 bytes of "length" field, and so
file path length should not exceed this limit, 65535.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
AKASHI Takahiro 2019-10-09 16:19:52 +09:00 committed by Heinrich Schuchardt
parent c83b1bb923
commit 08c51fff30
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/efi_loader/efi_device_path.c
View file

@ -15,6 +15,7 @@
#include <part.h> #include <part.h>
#include <sandboxblockdev.h> #include <sandboxblockdev.h>
#include <asm-generic/unaligned.h> #include <asm-generic/unaligned.h>
#include <linux/compat.h> /* U16_MAX */
#ifdef CONFIG_SANDBOX #ifdef CONFIG_SANDBOX
const efi_guid_t efi_guid_host_dev = U_BOOT_HOST_DEV_GUID; const efi_guid_t efi_guid_host_dev = U_BOOT_HOST_DEV_GUID;
@ -888,13 +889,16 @@ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part,
{ {
struct efi_device_path_file_path *fp; struct efi_device_path_file_path *fp;
void *buf, *start; void *buf, *start;
unsigned dpsize = 0, fpsize; size_t dpsize = 0, fpsize;
if (desc) if (desc)
dpsize = dp_part_size(desc, part); dpsize = dp_part_size(desc, part);
fpsize = sizeof(struct efi_device_path) + fpsize = sizeof(struct efi_device_path) +
2 * (utf8_utf16_strlen(path) + 1); 2 * (utf8_utf16_strlen(path) + 1);
if (fpsize > U16_MAX)
return NULL;
dpsize += fpsize; dpsize += fpsize;
start = buf = dp_alloc(dpsize + sizeof(END)); start = buf = dp_alloc(dpsize + sizeof(END));
@ -908,7 +912,7 @@ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part,
fp = buf; fp = buf;
fp->dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE; fp->dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE;
fp->dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH; fp->dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH;
fp->dp.length = fpsize; fp->dp.length = (u16)fpsize;
path_to_uefi(fp->str, path); path_to_uefi(fp->str, path);
buf += fpsize; buf += fpsize;
@ -1070,5 +1074,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr,
*file = efi_dp_from_file(((!is_net && device) ? desc : NULL), *file = efi_dp_from_file(((!is_net && device) ? desc : NULL),
part, filename); part, filename);
if (!file)
return EFI_INVALID_PARAMETER;
return EFI_SUCCESS; return EFI_SUCCESS;
} }