[U-Boot] [PATCH v4 2/7] efi_loader: Fix memory map size check to avoid out-of-bounds access

Alexander Graf agraf at suse.de
Mon Oct 10 13:32:11 CEST 2016


On 10/09/2016 10:17 PM, Stefan Brüns wrote:
> The current efi_get_memory_map() function overwrites the map_size
> property before reading its value. That way the sanity check whether our
> memory map fits into the given array always succeeds, potentially
> overwriting arbitrary payload memory.
>
> This patch moves the property update write after its sanity check, so
> that the check actually verifies the correct value.
>
> So far this has not triggered any known bugs, but we're better off safe
> than sorry.
>
> If the buffer is too small, the returned memory_map_size indicates the
> required size to the caller.
>
> Signed-off-by: Stefan Brüns <stefan.bruens at rwth-aachen.de>

Reviewed-by: Alexander Graf <agraf at suse.de>


Alex
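
The ordering problem described in the quoted commit message, as an added example in C. It is not U-Boot's code and not part of this thread: `get_map_buggy`, `get_map_fixed`, `fw_map`, the status values and the harness are hypothetical names in a simplified model. The caller's buffer sits inside a larger arena so the effect on adjacent memory can be observed without a real out-of-bounds write.

```c
#include <stddef.h>
#include <string.h>

enum { EFI_SUCCESS = 0, EFI_BUFFER_TOO_SMALL = 5 };  /* simplified status values */
struct mem_desc { unsigned long start, pages; };     /* simplified descriptor */

/* Constructed firmware-side map: three entries. */
static const struct mem_desc fw_map[3] = { {0x0, 16}, {0x10000, 32}, {0x30000, 64} };

/* Ordering the commit message describes as the bug: overwrite, then check. */
static int get_map_buggy(size_t *map_size, void *buf)
{
    size_t required = sizeof(fw_map);
    *map_size = required;            /* caller's buffer size is lost here */
    if (*map_size < required)        /* compares required with itself */
        return EFI_BUFFER_TOO_SMALL;
    memcpy(buf, fw_map, required);
    return EFI_SUCCESS;
}

/* Ordering the commit message describes as the fix: check, then update. */
static int get_map_fixed(size_t *map_size, void *buf)
{
    size_t required = sizeof(fw_map);
    if (*map_size < required) {
        *map_size = required;        /* report the required size to the caller */
        return EFI_BUFFER_TOO_SMALL;
    }
    *map_size = required;
    memcpy(buf, fw_map, required);
    return EFI_SUCCESS;
}

/* The caller claims room for one descriptor; the rest of the arena stands in
 * for adjacent payload memory. Returns 1 if that adjacent memory was changed. */
static int neighbour_clobbered(int (*get_map)(size_t *, void *), int *status, size_t *size)
{
    unsigned char arena[sizeof(fw_map)];
    size_t i, caller_len = sizeof(struct mem_desc);

    memset(arena, 0xAA, sizeof(arena));
    *size = caller_len;
    *status = get_map(size, arena);
    for (i = caller_len; i < sizeof(arena); i++)
        if (arena[i] != 0xAA)
            return 1;
    return 0;
}
```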


