leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

efi_loader: Fix buffer underflow

Browse Source 
If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.

    Negative index in efi_unicode_collation.c:262.

The index of the 'codepage' array should be c - 0x80 instead of i - 0x80.

Fixes: 0bc4b0da7b ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This commit is contained in:
Mikhail Ilin 2022-11-22 10:33:24 +03:00 committed by Heinrich Schuchardt
parent 16e49a14b2
commit ae182a25f5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/efi_loader/efi_unicode_collation.c
View File

@ -257,7 +257,7 @@ static void EFIAPI efi_fat_to_str(struct efi_unicode_collation_protocol *this,
for (i = 0; i < fat_size; ++i) {
c = (unsigned char)fat[i];
if (c > 0x80)
c = codepage[i - 0x80];
c = codepage[c - 0x80];
string[i] = c;
if (!c)
break;