leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

efi_loader: limit output length for VenHw, VenMedia

Browse Source 
VenHw and VenMedia device path nodes may carry vendor defined data of
arbitrary length. When converting a device path node to text ensure that we
do not overrun our internal buffer.

In our implementation of
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() we could first
determine the output length and then allocate buffers but that would nearly
double the code size. Therefore keep the preallocated buffers and truncate
excessive device paths instead.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
Heinrich Schuchardt 2021-02-23 21:15:35 +01:00
parent 95cacc86f2
commit 9c081a7eab
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/efi_loader/efi_device_path_to_text.c
View File

@ -67,7 +67,8 @@ static char *dp_hardware(char *s, struct efi_device_path *dp)
s += sprintf(s, "VenHw(%pUl", &vdp->guid);
n = (int)vdp->dp.length - sizeof(struct efi_device_path_vendor);
if (n > 0) {
/* Node must fit into MAX_NODE_LEN) */
if (n > 0 && n < MAX_NODE_LEN / 2 - 22) {
s += sprintf(s, ",");
for (i = 0; i < n; ++i)
s += sprintf(s, "%02x", vdp->vendor_data[i]);
@ -251,7 +252,8 @@ static char *dp_media(char *s, struct efi_device_path *dp)
s += sprintf(s, "VenMedia(%pUl", &vdp->guid);
n = (int)vdp->dp.length - sizeof(struct efi_device_path_vendor);
if (n > 0) {
/* Node must fit into MAX_NODE_LEN) */
if (n > 0 && n < MAX_NODE_LEN / 2 - 24) {
s += sprintf(s, ",");
for (i = 0; i < n; ++i)
s += sprintf(s, "%02x", vdp->vendor_data[i]);