[U-Boot] [PATCH v2 2/6] efi_loader: Fix memory map size check to avoid out-of-bounds access
Alexander Graf
agraf at suse.de
Sat Oct 1 19:36:27 CEST 2016
On 01.10.16 19:31, Stefan Brüns wrote:
> Do not overwrite the specified size of the provided buffer without
> having checked it is sufficient.
>
> If the buffer is too small, memory_map_size is updated to indicate the
> required size, and an error code is returned.
>
> Signed-off-by: Stefan Brüns <stefan.bruens at rwth-aachen.de>
> ---
> lib/efi_loader/efi_memory.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
> index ebe8e94..72a5870 100644
> --- a/lib/efi_loader/efi_memory.c
> +++ b/lib/efi_loader/efi_memory.c
> @@ -342,6 +342,11 @@ efi_status_t efi_get_memory_map(unsigned long *memory_map_size,
>
> map_size = map_entries * sizeof(struct efi_mem_desc);
>
> + if (*memory_map_size < map_size) {
> + *memory_map_size = map_size;
> + return EFI_BUFFER_TOO_SMALL;
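
Review bot: the early `return EFI_BUFFER_TOO_SMALL;` inside the added `if (*memory_map_size < map_size)` block exits before any code below this point runs, so every output parameter other than `*memory_map_size` is left unwritten on the too-small path. A caller that probes with an undersized buffer and then reads the descriptor size despite the error status (the case raised in the reply) would see a stale or uninitialized value. Suggest assigning the remaining size outputs before this check, or moving the check below those assignments, and documenting in the function comment which outputs are valid when EFI_BUFFER_TOO_SMALL is returned.
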
IIRC I had issues with that approach in the past with payloads that
wanted to determine the descriptor size regardless of the error output.
I liked your previous version better - it really just needed a
description overhaul :)
Alex